The fact that they're using Google Docs as an opt-out mechanicsm, asking users to provide all this unnecesary data and how "Google Docs" sounds like "Google Dox" is just poetically hilarious to me
The worst thing is, both with the opt-out by discord and the opt-out via the doc, you give them more stuff to link to your character, specifically your google account name and discord handle. And in the end you need to trust the developer who created this unhinged plugin in the first place to actually opt you out and like lol lmao.
It's just been disabled due to mass reporting, but they can appeal it and there's a high chance it can go back up if it hasn't violated TOS. Technically this is on SE for bad implementation and allowing that account ID to be exposed.
@@orenji Seconding this. If the appeal is accepted then that specific repo will most likely be untouchable when it goes back up. Brigading never does any good.
Worse part is, there are some content creators who have multiple characters, one for streaming, some to play with friends/casual, and now "fans" can use it to stalk them on their off time because they want senpai to notice them!
The worst part is the fact that your email comes up. That crosses the line between in game and not in game for EVERYONE forever. I honestly do hope SE bans mods at this point
@@StayCalm0 they already do ban mods. What I hope doesn’t happen is that square enix starts looking at anti cheat rootkit for this game. Not only does that garbage not work on my system, I can’t stand the idea of running it anywhere near my data. The simpler fix is to stop shipping this much data to the client.
@@possumsmuggler Sorry that was my mistake. I had the video on and looked away at 10:54, just hearing him mention his email. I didn't realise it was for the opt-out form, but that only makes it slightly less sketch. In order to opt out of a stalker plug-in, you have to provide even MORE personal information to the developers of that stalker plug-in. And beyond that I think it's safe to assume that "feature" is coming anyway since ff14 is such a poorly coded game that SE probably has your email linked somewhere in the files lol
If they step in at all, they'll need to step in hard. So that is in general a bad thing. The game can disguise the information better, or alternatively Dalamud can block it themselves.
Nah, I'm sure it's impossible for then to implement something to counter this, at least until someone actually makes it as a third party, then it will magically become possible.
Fulltime developer and casual cybersec enthusiast here. THE PLUGIN IS NOT THE PROBLEM. It only tracks data that is publicly available, even if you take the plugin down, people with malicious intent can still extract the same data just as easily. The real issue is amount of data SE api shares. There's really dangerous trend in the community treating the plugin itself like the source of the problem - it is not. It's just a result of bad decisions on SE part. If SE simply doesn't return the data like account ids to anyone but the authenticated player, things like this won't pop up, because it won't be practically possible.
While I do agree with you that ultimately SE are the ones at fault here, I think you cannot in good conscience say that the plugin is not a problem when it enables, borderline criminal or is it criminal behavior, well either way, online stalking. Yes it is publicly available data and yes those with malicious intent could've gotten their hands on that data either way, but one thing is when a person needs to do that manually and another when it's "one" click away.
There is zero positive spin you could give this plug in. There is no reason for anyone to have this information unless its willingly given to you by the player. Like even some of the worst offended plug ins can be spun with 'well vison disabilities, motor function disabilities, people playing with limited hand movement' like fine sure, I bet thats 2% of the people who use it but alright. Who care's if someone who's legally blind is using cammy to better see the arena so they can just try their hand at raid content and raid with their casual static? Who care's if someone with motor skills uses cactar because their hand eye coordination is impaired and the heads up helps them adjust. There not doing world first I don't care. But THIS is wild.
I mean the guy who made it literally did it so he could find out who was undercutting him on the market board. Dude is already a weirdo no surprise there's no benefit to it
Something that can be done with the plugin is tracking marketboard undercutting and/or monopolies, when certain players log in to do their retainers (or other activities), etc. This enables targeting, harrassment, witch hunts, mass account-wide reporting, etc. Unbelievable.
It's worse that you might think. The guy released the plugin working locally, meaning that not only if you opt out it doesn't do anything (opt out only works for the main server of the plugin with only a few users) but also the vast majorioty that is using it locally. This also means a lot of data has been scrapped already by multiple different people that have the plugin working locally, like mini data bases here and there. The only true solution at this point would be for SE to re-generate the ID's for the players and redo blacklist to not enable these id's to be opened for grabs. I feel like this whole situation is on SE, this might have been happening all along and only now it turned public when it shouldn't have happened in the first place.
From what I've seen in conversations regarding the subject, the creator got pissy about being undercut on the marketboards so he wanted to find out who was doing it, and it just ballooned from there. Like.. dude. Touch some grass, it is not that important a thing to be doing something this shitty.
we've weathered worser storms than this an plus the stalking problem has always existed in this game its nothing new just people are starting to finally stop being ignorant to it because its had this huge spotlight shown on it. all thats likely to happen is that the developers are going to make a PR statement once again warning players of the ToS an that such disruptive behaviors will result in a permanent ban similar to what they did with the world first cheaters from a while back.
>not SEs fault It 100% is on their shoulders. They built a system that fundemantally sucks in the way it was implemented. It works the same god damn way the friendslist and marriage rings work, one way. You delete someone off your FL, well too bad, you're still on theit FL. Divorce someone in game and toss your ring? Too bad, the other person can STILL teleport you if they keep their ring, EVEN IF YOU GET REMARRIED. The new blacklist system was just lip service to appease the loud crowd without actually implementing it in a correct way. 100% pure laziness and bad design on SEs part.
it works for it's intended purpose, the issue is how they implemented it. there's no way that nobody at SE thought "sending this much information to the client" was a good idea, if so, that's basic literally incompetence. the fact that this isn't even the plugin, but just in general, since you can apparently do this with cheat engine AND wireshark. even if they have kernel level anti-cheat and it doesn't work with cheat engine/wireshark, just run FF14 through a VM and wireshark the VM (scambaiter for example does this all the time, they let scammers connect to their VM and then use wireshark to reverse the connection. (also find out live where the scammers are)
As long as they dont fix it (whatever they see as the fix), someone will always be there to collect all of that data for x or y purpose. Incredibly careless on their part, it almost seems deliberate.
How the fck is it their fault when you mofos mod the game and temper their data content? Its already illegal to to even used 3rd party tools. People just cant play the fckin game without having to do any of this nonsense
@@Joppheimer You are emotionally charged about the situation and thus have one of the worst takes imaginable, this is entirely on Square Enix to maintain a game that does not leak personal information to other players. They are also i'm 100% sure aware their players use plugins. This really does just seem like incompetence from a developer.
If there's a shred of personal information, even general location, then it'll become a legal problem, over the privacy policy. It would make sense for square to just demolish plugins. Their only worry about detecting them is, you guessed it, privacy concerns. If the mods do it, then they gave square no choice but to pull the trigger and do it themselves to protect their users. Little privacy policy update, little note from Yoshida to ensure player's privacy is safe even with this new agent that scans your processes. Donezo.
The fact we still don't have a statement on this make me worried that there is no easy fix and they can't hide the ID. Though it is ironic that they recently made a move to make harassment of employees harder to do while simultaneously make the harassment of players a thousand times easier for stalkers. This has been an issue since DT launch, but has got widespread acknowledgement by the community the last five days.
So the only good thing that could come from this and that is to identify your own stalker. However, this is a horrible plugin that might spark a really hard crack on any mods. Even harmless ones just for customization. It's not the end of the world, but this is why we can't have nice things. This dev should have kept stalking to him/herself.
Only good I see if the whole SE use it for there GM on bots too find them better and blacklist them and now I know why I get spam messages in my person jezz bot farmer's are using this hardware with others too get better info
@@jakkandjing it has nothing to do with anti cheat, it's SE's infrastructure exposing data PUBLICLY that the plugin consumes. Even if SE adds vanguard type anticheat to ffxiv, they'll make a separate standalone app that can do the same thing. SE needs to change what kind of info they expose to public.
tbh they have to do a lot more. possibly persue legal action, cause those ppl already have a database with over 900k characters logged since dawntrail. if you played dawntrail, you are already comprimised. dont know how SE is gonna scrub all that data from the malicious actors.
@@jakkandjing 1) SE knows that a sizeable amount of their playerbase uses cosmetic/QoL mods that aren't "cheating" and I highly doubt they would want to risk losing that source of money when the game has been losing other players. 2) Like Winlith said, the source of this problem is SE having data that by all rights should be private openly available for anyone to exploit, and anti-cheat isn't completely foolproof.
@kungfuvoodoo9889 At this point I don't care. I want all mods and plugins banned. Paying player base leaving be damned. If the player base drops enough that the game is unsustainable without mod players so be it.
The thing is, it's already released into the wild. Even if the main download is removed, it's too late. This is only something SE can address by fixing their data security.
Please note, even though the github has gotten banned, there are already forks.. Someone else already pointed out this in the comments, the main source may have been blocked but its the fact that the forks are already out and active.
Breaking news. The Github for the Player Scope plugin was closed and locked by the Github staff for violating the Github terms of service. If you pull up the plugin site you can confirm what I'm saying here.
Probably an automated ban on github's part because of mass reporting. There's a chance it might go to appeal because it's likely debatable if it's something that actually violates github TOS.
Who wants to bet that someone, at least a single soul, at SE pointed out during development that this was going to happen but shipped it anyway because they decided to trust on their players' good will?
May have been related to the corporate hierarchy. Obviously the west is in no way immune to such things, but that shit is very pronounced over in Japan. I don't know the company culture at CBU3, obviously, but that's my assumption.
I'm not familiar with mods and plugin on FF I know they work differently then wow but isn't this basically a data breach for SE? like most of this information should only be known between SE and the player but now all this information is known to everyone that uses this plugin
its public knowledge already like usual the community is bored cause dawntrail sucked immensely an are fishing for any drama they can to occupy their boring lives. is it bad ? yes it is but its also not a new occurrence. this game has always had baby tantrum throwing players in it or perverted weirdos you find out quickly who they are they aren't hidden or hiding themselves at all. if people looked up your lodestone profile they would already see everything like this plugin does minus the alt characters. but to combat that the developers gave people the ability to hide your profile stats an such. an the blacklist features were also created because there was a plugin doing it so devs just wanted to make their own version of it in good faith that the players would see that they do care about what features matter to them etc
I'm someone that has been tracked down due to a market board battle. This was a while ago and I'm pretty sure wasn't related to this plugin - they tracked me based on my retainer naming conventions, my lodestone and a site I had granted access to my lodestone ID. I'd also joined that site's Discord. They sent me an in-game tell and then admited how they had tracked me down and sent me a Discord DM. I was unnerved, but they explained their process of tracking me down, apologised and we reached a (somewhat) peaceful resolution. I've since ensured my discord does not link to any RL information. This plug-in debacle is very concerning and a massive oversight on SE's end. My point is - people could track you WITHOUT a plug-in like this, but the idea of this being widespread is very scary.
you'll always fall back into a pattern, that's human nature, so at some point you'll fall back into a pattern and people can recognize patterns. i've pissed off a lot of people so i'm kinda amazed that this never happened to me.
Why do we need to consider this person as part of the community and not some weirdo doing stupid creepy shit that the majority of the players (which are part of the community) denounce this type of shit? Stop enabling weirdos by putting them into a group. Single them out and make them the creep.
To be fair the bald man is more likely to cover bad stuff/drama. 99.9 percent of the community just want to dress up their catgirls and enjoy the story.
I can't help but think of the kind of brainrot that can lead someone to hear something like this and think it's specifically an ffxiv thing. Like cool, you can hate, but you, like everyone else, only found inside what you yourself brought in.
Y'all think SE will do something about this, but it took them 10 years to adjust the blacklist in response to complaints of stalking. The update did nothing to stop the stalking, it just made it so YOU can't see it's happening. SE does not, and has never, cared about it's players.
There used to be a plugin that would tell you what duty had popped when your roulette queue popped, so you could just not accept the duty if you didn't want to. For example, you queue for leveling roulette, it pops, you see that it's Aurum Vale, you back out. The game used to send the duty information to the client BEFORE you accepted the duty, and that plugin grabbed the data for you. SE changed it so that the client would not receive that information before accepting the duty, therefore breaking the plugin. There is a historical precedence for SE breaking a plugin ON PURPOSE by changing what information is sent to the game client.
@@KZorander it's also with Deep Dungeon, they used to send everything to the client, including floor layout, trap locations, chest locations (and contents) there was a cheat program that would read this data and visually add it to your screen (kinda what plugins do now, but back then Dalamud didn't exist, so it was something different) SE changed how that worked and now all of that remains server side, no idea how SE will navigate this, but it'll be a bit different though.
the solution to this is to anonymize player data for blacklists and make it server-side and send that data encrypted and start suing people who break the encryption (because that's a violation of US federal law).
yep, an encryption or just not make your client deal with this, this was never an issue before the new BL system, the fact that the new BL system requires all of this information so that it can also BL the alts is the main issue. the moment it enters your client is when you can manipulate it, so they need to avoid that.
And even if they tailor the IDs to your specific client, it only raises the difficulty a bit, but not by much. You've got plenty of other known information sent to you to use (like, for starters, their name at that point in time) for establishing some certainty in linking up with prior observations. There's some other things they can do to obfuscate, like changing ID numbers on character renames rather than reusing them, but as long as a stable identifier is sent to you for a whole account, someone determined to build this kind of player profile will have a very easy job doing so. The only reliable fix is moving friend and blacklist to the server.
True. All it takes is 1 Renegade Modder or User abusing a Plug-In like this to collapse the entire use of 3rd Party Add-Ons like a Jenga Tower. I agree, this will literally force SE to do something. If they don't, this game will lose players a lot faster than what the Dawntrail did.
Definitely screams cybersecurity issue at hand because this can even go a step further if one uses their creativity to do more with it. I agree this plugin shouldn't exist and the sad part is people don't care about it until it happens to them sort of issue.
No? It's because third-party programs and plugins are huge security risks and can alter the game experience in an unintended way. They don't like plugins like this for this very purpose. They never had a chance to be taken seriously and NEVER will.
It's funny how FFXIV is reaching a point where addons/plugins are both keeping the game alive and killing it at the same time. The complete lack of action and clarity about the subject is pretty amusing. The game is already losing players for other reasons. Trying to address anything about plugins/addons right now would only make it worse, no matter the path they choose. I guess that's the price for taking things for granted for so long now.
this isn't even because of the plugin, the plugin just revealed the massive flaw, which the flaw always existed since it was added. the biggest issue here is that SE's new blacklist system sends all of that data from the server to the client, and the client then filters out based on your blacklist (to save on cost) what ended up happening is kinda how ACT works, ACT doesn't directly interface with the game, it detects the network that FF14 uses, reads it and then shows it in readable format. that's literally what the plugin does, it detects the pakket responsible and makes it readable. (this can also be done with other programs unrelated to FF14, such as Cheat Engine and Wireshark, even if FF14 actively detects and stops working when detecting these 2 programs or any other program doing this on your machine, other machines can also detect the network activities from your machine, but even then, if someone really really wants to, they can just setup an VM and play FF14 on that, while running Wireshark on the main PC while monitoring the network activity from FF14 that runs in the VM.
Food for thought: the plug-in cuts both ways. This would out any harassers on their alts as well. For example, if you ran Lionel through that thing, it would show all his alt characters. So harassers beware...not as hidden as you thought.
I imagine they're probably going to consider adding an anti-cheat because of this. Sure people are going to pitch a fit, but this is what happens. It's a nuclear option but it'll likely be for the best.
This is like having a regular everyday person walk into a police precinct and access the criminal record database. This is power that should only be meant for Square.
The problem with "opting in" is the root problem remains. ANYONE can make a plugin like this because the data to do so has been made readily available. If this plugin makes it so that you have to opt in ANOTHER plugin can just do the same thing this one is doing. The only true solution is that SE must fix the problem on THEIR end and not make personal information freely available to the game client.
Source code is now public, so its irrelevant what the original dev does going forward as the framework is there for someone with a little knowledge to take that code and make their own modified version. The only solution is SE intervening.
The opt-out form makes me really feel like this is made for data phishing to sell people's data. Once you provide their email, they can locate your name and sell just info off. I'd rather have the virtual stalking than willingly provide data brokers my information easier than it already is.
I remember reading about improved blacklists, thought, "Hmm, somehow I think this is going to go bad, couldn't tell you how", saw that old reddit post about it sending info client side, and was like, oh, yep, there's the first boot. This is the other boot.
Man, I remember someone in the FRU cheating video getting pissy with me when I said "SE needs to grow a pair" in regards to plugins. I'm sitting here now, feeling incredibly vindicated because I knew it was only a matter of time before some weirdo would do this. The modding community at large, whether they want to admit it or not, created this monster so now they gotta stop it. Granted, I'm taking a break until the next update. Democracy is calling my name in Helldivers 2 and I gotta hunt monsters in February
One good thing that can come out of this is with malicious players you want to avoid or not rejoin your FC, you can see if their alt is attempting to cause more harm. Data collection is neutral ethically speaking, it can be used for good or for bad.
You know what would be funny, if Dalamund made it so if it detects someone using that plugin it sent a report to SE that they are breaking TOS (using mods and plugins), and would result in that user having their account possibly flagged and or banned.
Okay, but lets not pretend that FF14 doesn't have a stalking problem, even without mods/plugins. The blacklist/ignore system is a joke. You can't see them or what they say but they can still see you and what you say? They can still player search for you, look up your lodestone, etc. (My friends and I tested it.) So...I think square needs to worry about it on their side of things as well.
but people will always be able to stalk you, but being able to basically remove them from your life is the best way to do it. in the end why does it matter that they can see what you say, if they can never reply to you or talk to you ?
Wouldn't be such a stalking issue if SE made Friend Lists mutual, rather than you staying on their friend list after removing someone. How it's taken nearly ten years to figure out how to do that is beyond me.
Will be pleasantly surprised. SE needs to grow a pair. All these rules about being nice to eachother, yet they are this relaxed with data security. Pretty embarrassing for SE
Thing is, they could push a lot of content fast, but instead of reacting to the current moment or making more content for next patch as priority, they will focus on creating the content for the next expansion, while having similar content packages for every 0.X patch like they have in the past. It sucks, but they use the same formula for every content patch and expansion and there is no surprises.
Chiming in as someone from the D2 community regarding game devs suing plugin devs. It's totally doable, and in our case, Bungie won lawsuits against cheat software devs; while not all plugins are cheating, the tl;dr for that lawsuit was more the third-party devs violating TOS and IP rights. Squenix can take action against this one dev legally, I'd presume; the question is both if it is worth it to go after the dev/s, and if this will end up opening a can of worms where Squenix (considering the official stance on plugins) decides to go all nuclear and maybe sue Dalamud.
With stuff like this and cheating. I'm really starting to count the days until SE introduces some kind of anti-cheat to XIV. It would be bad because it would hurt people who use costmetics mods, but if some people can't appreciate the state we're in now and have to use plugins like this. Sorry, but that's too much.
14:15 100% agree. What worse is that even if you removed the ID numbers, it's still creepy as shit. Why do you need to know my alts, retainers, etc? Seriously, why do you need to know that? It's like you said it's a stalker tool. It serves no purpose. This isn't some better version of the friends list. They literally said they just want the data. But fucking why? Are you going to sell it? Are you enabling stalking? I feel like someone is going to get hurt before all this is said and done. If I can get your account ID, what's to stop me from getting your address? What's to stop me from taking this IRL? It's fucking sick.
The only use case I could immediately see from any of the info from the plugin used is with the plugin Visibility and its Voidlist, which even then wouldn't need to share details with the actual end user. It could link it in the backend to make it so you cannot see any of the associated characters of an account. The Voidlist essentially being the blacklist on steroids, making even their character not render alongside blocking messages from their character. This is meant to allow you to disable bots, harassing, or annoying players from even being visible to the user, and I could definitely see an argument to allow it to extend to accounts as then even if a harasser made a new character it wouldn't be visible to their target but I don't see value in an account being able to be used as an extreme lookup where you can track where others are doing.
This is the sort of shit that is going to get all mods banned. we can't have nice things anymore like just aesthetic mods, someones always gotta go out and ruin it for everyone else
@@nhedd0s839 in practice no - square doesent enforce that clause of their terms of service on anyone outside streamers - never did , its only there to prevent legal trouble in japan cause their laws dont allow mods or plugins
@vtbbbnk these rules have been enforced before. A Twitch streamer was previously banned for using mods to more or less set an example. Try talking about mods in general chat in-game. It's still a bannable offense regardless of how you twist it.
@nhedd0s839 did i mention = they only enforce it on streamers lol- talked about mods in game multiple times before both in fc chat , in say chat and even across two different data centers , was on crystal , where everyone freely discusses mods and after 2023 on dynamis the dead dc = no ban because square doesent give a fuck about enforcing their no mods allowed clause for anyone except famous streamers and once in a lifetime hey just so we dont run into legal trouble with japanese law public show off ban that everyone forgets about afterwards
Could you be as kind to -hide- the info you pull up? Blur it in your youtube vid? It's bad enough that this plugin is there because some dude wanted to know who undercut them. I saw someone I know in there... and that means, you're spreading their info over youtube now. I'm sure other folks don't like it either. It may not be very useful info, but a lot of people have had problems with stalkers ruining their gaming experience for them. This encourages the stalker behavior.
Between the Friend list not being two-way removal and the bizzare state of the lodestone character links, stalking was already bad in FFXIV. Its why I left the game after so many years. This new addon is just the icing on the cake.
When you blacklist someone, the blacklisted person just doesn't appear for you anymore. The blacklisted person can still see you... SE didn't even make a good BL feature. If we disregard the other bad stuff they changed.
i will probably just get written off as a "Modbeast" (if thats the worst thing i get called in my life id say i had a good life) but everyone screaming to just ban mods has very little understanding of the harm that would cause. Cause A i would not solve the stalker problem and B it would hurt the game. It may not outright kill it but it would be a noticeable dip in revenue from players that would quit just like that.i know people that don't even mod but would quit on principle alone for there being an anti cheat. Square as company cant afford that right now. There struggling on a finical level and 14 is pretty much keeping there head above water and plugs are huge factor to why people are keeping the subs going.
You don't have to be modest, it would absolutely kill the game. It's no secret that a good 80% of players use at least some kind of mod whether it be simple glamour stuff, raid related or the whole red flag.
this plug in. does explain how many players know EXACTLY where to go the second a streamer starts streaming, and also how they get harrased in game when playing off stream
21:27 this is fearmongering, chatter is not thinking. this functionality in a plugin, while possible (the reason dalamud advises against 3rd party), would have to be hidden for obvious reasons. Which is impossible in an open source plugin, which means if you installed a closed source unvetted plugin - the only way something like this can fly under the radar - you deserve the bad results.
When i saw the title, I thought this was going to operate just how most games do, getting logon alerts and seeing location, like what is just built into most games. No this takes things way further.
So, I have had full on stalkers in XIV.. for a l o n g time. It's absolutely terrifying and scary. I don't understand why people would do stuff like this ):
Ignore them and move on. If you're letting someone else affect your enjoyment of the game, then maybe reevalute why you're playing the game. The internet is full of ppls who do shit like that. There is literally nothing they can do to you in game that you should be allowing to affect you irl. If you think otherwise, maybe seek some help. Its literally just a video game.
Gonna ask a question that might have an obvious answer but I'm asking it anyway, what classifies as a "stalker" in this game? You can set yourself to busy and blacklist/ignore people and they literally can't do a single thing to you anymore. I once had a guy send me weird/creepy messages after a PvP game, blacklisted and never saw them again, am I missing something?
@ you hit the nail on the head with this, and I agree completely. Anyone being "stalked" can do numerous things to ignore their "stalker". Im not condoning the creation of this plugin, cuz yeah it is pretty creepy and highlight some real issues with on the backend of the game. But at the same time, its kinda on the person being stalked to take measures to straight up ignore the stalker in some way shape or form. Acting helpless and letting someone get to you in a real way inside a video game takes a certain amount of acceptance which can easily be negated in multiple ways.
@@mokustabby4865 Spoken like someone who has never had to deal with anything like this. It's not a matter of "letting" anyone do anything. When someone follows you and harasses you almost every single moment you're logged in, tell me how that won't affect your experience with the game. You're trying to hang out with your friends, they're there. You're trying to do quests, they're there. You're crafting, they're there. Tell me how that won't affect your enjoyment of those things. You need to stop putting responsibility on the victim for being hurt by things meant to hurt them.
@@mokustabby4865 yeah, that's my issue nowadays when people say "FF14 has a stalker problem" I could understand pre-DT due to how it worked and you could still see that person and they could actively annoy you. now if you BL someone, they just dissapear, like they never existed to begin with, not just that character, but every character that guy has on the account. this plugin just exposes how SE tried to cut corners by making the client do most of the processing work instead of doing this server side.
I say this is just the beginning. There will be more malicious plugins coming in the following years. Once players truly realize that they can literally do ANYTHING without limitations or rules being set, then that will lead to serious chaos. It is time for SE to adjust their stance towards mods and plugins and finally get the playerbase in line again.
it still shows you. even if you opt-out from their google doc, it doesnt fully erase you. theres nothing you can do about it until SE fixes this, even then not really cause they already have the data.
Terrible plogon, but the only good I could see that could come of this is finding people making alts to start drama/pretend being someone else (This happens alot on Faerie) to like... re-friend their friend group to either stir trouble or just relive that new friend high (super weird). Not saying that its a good plogon, just engaging in the convo. Ff14 players stay normal challenge, it truly is content draught.
my tinfoil had started rattling when you talked about this, imagine someone being able to get to your account information, login and and pw and stuff, might also be able to get to your buy history and payment informations, which could mean that they can get into your bank account... not sure if that's possible, but in my head that's the next step somehow
That's fearmongering not tinfoil. You won't get compromised this way unless you install something dodgy yourself, which you're warned fairly about if you use Dalamud.
I mean, yeah it's ok if you use 3rd party for cure your skill issues in-game like DoT tracking, mech learning, rotation learning etc. BUT when u make mod, where only MOD USERS can set their data to private it's LITERALLY makes advantages that applies on community. HOW, as a PS5 player, I can prevent myself of data gathering??? I know that this info can't help get my account stolen (I hope so), but it's so weird when u got dm about your alt when you are on your main acc.
While I personally dont have any concerns, I only use one character soo no alts to track. I still see no reason to need this info and any reason that comes to mind is a negative
one thing i can think about as for it beaing good is for club owners to be able to know the alts of people who they banned from a club due to their behavior other then that nothing else good and this dosent even comes close to beaing a good enough reasone for this plugin to be created
To be fair, it was stupid of SE to send ID's without crypting it and make it work server side, it's the basics of every single *WEBSITE* not even programs or apps, which usually require the same level of security, they were asking for this kind of trouble.
I was talking about this with a friend of mine who told me and I quote: "I learnt at Uni about client-server differences and the fact you MINIMISE the amount of data on the client." If that isn't showing SE's incompetence, I don't know what will. This went through planning, designing, implementation, testing, AND QA... and nobody picked up on the issues?
@@MN35A don't forget that SE had this issue in the past with other things. For example there was a plugin that could see what duty you would get BEFORE you accepted, so if you didn't like something (for example Alliance Raid and you see Dun Scaith, you could just withdraw) Also Deep Dungeon had this issue in the past, where the server would send the client everything, map layout, monster locations, trap locations, chest locations, content of said chests etc. so there was a 3rd party program (this was before Dalamud) that would basically parse this to your screen, so you could see through the walls where each monster, chest, trap was and basically the entire floor was instantly displayed. (they later on made this information all server side, that's why trap plugins are unreliable, it can try to "predict" but never 100% accurately show you, since traps are there, but only the server knows this till it's too late)
you are also aware that an IP does nothing right? if i'm permanently IP banned, guess what I can do, I can call my ISP and tell them that during a livestream I accidentally opened a website from a viewer and it exposed my IP. within 5 minutes my IP is permanently changed, it's that easy (let's not forget VPN's) But also, if your next action is "hardware ban!" sure, let me fire up my VM (plenty of tutorials on how to make your VM take everything from the actual PC in terms of hardware, except that it's then brand new hardware and that isn't banned)
I think there is a misunderstanding of the end goal. I know it won't stop 100% of people and that there are ways around it. I also know about the existing rules related to plugins. What I'm suggesting is making it such a chore if they do get caught that it at least disincentives it to where less people will bother in the first place. The devs just need to rework the system itself to no longer allow obtaining the data in the first place.
@@ZaestraXD they can stop the bleeding for starters at least and then shuffle everyone's account ID around to make the old data irrelevant when they search those old account IDs. that should "mitigate" it at least, they can also make this data be server side instead of client side, the reason they made it client side is so that your computer/console has to do the heavy lifting, instead of the server. (which with doing this every single player out there can be quite taxing I guess) But instead of making your client send to the server "I got X, Y and Z on my blacklist" and then the server tells the client to filter X Y and Z, the server just sends everyones character ID and every other information and then let's the client filter it out locally, which is just piss poor. for example, years ago when PotD was the only Deep Dungeon, everyone was client side, floor layouts, treasure locations, hoard location, traps, monsters etc. so the server send this data instantly to the client, some 3rd party tools intercepted this and parsed it on your screen live. they then made it server side instead, so the game still knows what floor layout it is, where the mobs are, but all of this information is send when required. for example if you open a chest, the moment you open a chest, the server tells the client what is in that chest. if you're coordinates hit a trap, the server will tell the client "you hit an explosion trap" and then blow up. I guess that's why it sometimes feels like traps move in Deep Dungeon? i've had it a few times where I stand still and then trigger the trap, guess it can be the server telling the game I hit the trip and then it triggers a bit later.
Couldnt this plugin also potentially have been used defensively? At the very least it seems like it could be used to parse out creeps who pretend to be a friendly on one character someone might be friends with, who often switch to alts on same account to be two-faced or predatory on another character with potentially the same 'friend' or others, with the victims none the wiser.
I suppose it could be good for Free company recruitment if your looking for specific rolls or whatever, Or if your doing some sort of social research on the game still a bit weird tho
imagine having the skill set and data to make an addon like this and NOT just making a better/accountwide friends list? guy is nuts, esp if the MB undercutting is rhe reason for all of it. I don't like undercutting, but unfortunately it is the nature of a community run market.
FFXIV Players Being Normal Challenge
Difficulty: CATACLYSMIC
No shit, theyre all mentally ill af 😂
I used the stalker plugin to find out what type of beard oil Xeno uses and now I'm bald, help?
It's all downhill from here. Soon you'll even prefer playing Warrior over other jobs.
alas, its too late for you. bald 4 life
Warrior is the best job tho. . . wait
The fact that they're using Google Docs as an opt-out mechanicsm, asking users to provide all this unnecesary data and how "Google Docs" sounds like "Google Dox" is just poetically hilarious to me
The worst thing is, both with the opt-out by discord and the opt-out via the doc, you give them more stuff to link to your character, specifically your google account name and discord handle. And in the end you need to trust the developer who created this unhinged plugin in the first place to actually opt you out and like lol lmao.
it was shutdown on GITHUB its probably been reuploaded but the main link is now gone thankfully.
It's just been disabled due to mass reporting, but they can appeal it and there's a high chance it can go back up if it hasn't violated TOS. Technically this is on SE for bad implementation and allowing that account ID to be exposed.
@@orenji Seconding this. If the appeal is accepted then that specific repo will most likely be untouchable when it goes back up. Brigading never does any good.
It's already on gitea
@darklorty Of course... People are so weird man lol
Its on our discord or i can give by dm
Worse part is, there are some content creators who have multiple characters, one for streaming, some to play with friends/casual, and now "fans" can use it to stalk them on their off time because they want senpai to notice them!
The worst part is the fact that your email comes up. That crosses the line between in game and not in game for EVERYONE forever. I honestly do hope SE bans mods at this point
@@StayCalm0 they already do ban mods. What I hope doesn’t happen is that square enix starts looking at anti cheat rootkit for this game. Not only does that garbage not work on my system, I can’t stand the idea of running it anywhere near my data. The simpler fix is to stop shipping this much data to the client.
@@victisomega4248 Their cyber security is abysmal. They will never figure out how to prevent this data from being shipped
@@StayCalm0 wait what, email? whered you find this out??
@@possumsmuggler Sorry that was my mistake. I had the video on and looked away at 10:54, just hearing him mention his email. I didn't realise it was for the opt-out form, but that only makes it slightly less sketch. In order to opt out of a stalker plug-in, you have to provide even MORE personal information to the developers of that stalker plug-in. And beyond that I think it's safe to assume that "feature" is coming anyway since ff14 is such a poorly coded game that SE probably has your email linked somewhere in the files lol
i really think this is the time SE needs to step in this is way over crossing the line
Yeah and ban all mods and ruin it for everyone dumbass yall act like they are gonna steal your SSN
If they step in at all, they'll need to step in hard. So that is in general a bad thing. The game can disguise the information better, or alternatively Dalamud can block it themselves.
Nah, I'm sure it's impossible for then to implement something to counter this, at least until someone actually makes it as a third party, then it will magically become possible.
People can already stalk others without plugins. Square needs to worry about their current systems as well.
The "best community" keeps pushing it. Charging up the limit break bar that will finally lead us to an anticheat software being implemented
Fulltime developer and casual cybersec enthusiast here.
THE PLUGIN IS NOT THE PROBLEM. It only tracks data that is publicly available, even if you take the plugin down, people with malicious intent can still extract the same data just as easily. The real issue is amount of data SE api shares. There's really dangerous trend in the community treating the plugin itself like the source of the problem - it is not. It's just a result of bad decisions on SE part.
If SE simply doesn't return the data like account ids to anyone but the authenticated player, things like this won't pop up, because it won't be practically possible.
While I do agree with you that ultimately SE are the ones at fault here, I think you cannot in good conscience say that the plugin is not a problem when it enables, borderline criminal or is it criminal behavior, well either way, online stalking. Yes it is publicly available data and yes those with malicious intent could've gotten their hands on that data either way, but one thing is when a person needs to do that manually and another when it's "one" click away.
There is zero positive spin you could give this plug in. There is no reason for anyone to have this information unless its willingly given to you by the player. Like even some of the worst offended plug ins can be spun with 'well vison disabilities, motor function disabilities, people playing with limited hand movement' like fine sure, I bet thats 2% of the people who use it but alright. Who care's if someone who's legally blind is using cammy to better see the arena so they can just try their hand at raid content and raid with their casual static? Who care's if someone with motor skills uses cactar because their hand eye coordination is impaired and the heads up helps them adjust. There not doing world first I don't care. But THIS is wild.
I mean the guy who made it literally did it so he could find out who was undercutting him on the market board. Dude is already a weirdo no surprise there's no benefit to it
@@marslara Yeah there's no way you'd make something like this unless you're completely deranged
Something that can be done with the plugin is tracking marketboard undercutting and/or monopolies, when certain players log in to do their retainers (or other activities), etc. This enables targeting, harrassment, witch hunts, mass account-wide reporting, etc. Unbelievable.
It's worse that you might think. The guy released the plugin working locally, meaning that not only if you opt out it doesn't do anything (opt out only works for the main server of the plugin with only a few users) but also the vast majorioty that is using it locally.
This also means a lot of data has been scrapped already by multiple different people that have the plugin working locally, like mini data bases here and there.
The only true solution at this point would be for SE to re-generate the ID's for the players and redo blacklist to not enable these id's to be opened for grabs.
I feel like this whole situation is on SE, this might have been happening all along and only now it turned public when it shouldn't have happened in the first place.
From what I've seen in conversations regarding the subject, the creator got pissy about being undercut on the marketboards so he wanted to find out who was doing it, and it just ballooned from there. Like.. dude. Touch some grass, it is not that important a thing to be doing something this shitty.
the FF community cannot handle being normal for more then 15 minutes when there is a new way to harass or stalk people. and ruin mods for everyone
we've weathered worser storms than this an plus the stalking problem has always existed in this game its nothing new just people are starting to finally stop being ignorant to it because its had this huge spotlight shown on it.
all thats likely to happen is that the developers are going to make a PR statement once again warning players of the ToS an that such disruptive behaviors will result in a permanent ban similar to what they did with the world first cheaters from a while back.
@@DeusGamez I feel like leaking Account IDs has to be treated more seriously than world first drama, right?
>not SEs fault
It 100% is on their shoulders. They built a system that fundemantally sucks in the way it was implemented. It works the same god damn way the friendslist and marriage rings work, one way. You delete someone off your FL, well too bad, you're still on theit FL. Divorce someone in game and toss your ring? Too bad, the other person can STILL teleport you if they keep their ring, EVEN IF YOU GET REMARRIED. The new blacklist system was just lip service to appease the loud crowd without actually implementing it in a correct way. 100% pure laziness and bad design on SEs part.
it works for it's intended purpose, the issue is how they implemented it.
there's no way that nobody at SE thought "sending this much information to the client" was a good idea, if so, that's basic literally incompetence.
the fact that this isn't even the plugin, but just in general, since you can apparently do this with cheat engine AND wireshark.
even if they have kernel level anti-cheat and it doesn't work with cheat engine/wireshark, just run FF14 through a VM and wireshark the VM (scambaiter for example does this all the time, they let scammers connect to their VM and then use wireshark to reverse the connection. (also find out live where the scammers are)
Considering they're aware of plugins and actively implement qols (botched as they may be), but never foresaw this issue feels incredibly careless.
As long as they dont fix it (whatever they see as the fix), someone will always be there to collect all of that data for x or y purpose. Incredibly careless on their part, it almost seems deliberate.
How the fck is it their fault when you mofos mod the game and temper their data content? Its already illegal to to even used 3rd party tools. People just cant play the fckin game without having to do any of this nonsense
@@Joppheimer You are emotionally charged about the situation and thus have one of the worst takes imaginable, this is entirely on Square Enix to maintain a game that does not leak personal information to other players. They are also i'm 100% sure aware their players use plugins. This really does just seem like incompetence from a developer.
If there's a shred of personal information, even general location, then it'll become a legal problem, over the privacy policy. It would make sense for square to just demolish plugins. Their only worry about detecting them is, you guessed it, privacy concerns. If the mods do it, then they gave square no choice but to pull the trigger and do it themselves to protect their users. Little privacy policy update, little note from Yoshida to ensure player's privacy is safe even with this new agent that scans your processes. Donezo.
The fact we still don't have a statement on this make me worried that there is no easy fix and they can't hide the ID. Though it is ironic that they recently made a move to make harassment of employees harder to do while simultaneously make the harassment of players a thousand times easier for stalkers. This has been an issue since DT launch, but has got widespread acknowledgement by the community the last five days.
So the only good thing that could come from this and that is to identify your own stalker.
However, this is a horrible plugin that might spark a really hard crack on any mods. Even harmless ones just for customization.
It's not the end of the world, but this is why we can't have nice things.
This dev should have kept stalking to him/herself.
Only good I see if the whole SE use it for there GM on bots too find them better and blacklist them and now I know why I get spam messages in my person jezz bot farmer's are using this hardware with others too get better info
Jesus Christ, man. Stay in school, you need it.@@animecrystal9
Tel Chan would love this plugin
Cannot forget his little band of psychos like Freakmo, Goat Status, Allara, and whoever else was in their weird discord.
@@alfonsonatura1519 Freakmo helped me clear TEA a few times (if it's a character named Freakmo Backshots) in PF, what did they do?
Goat status and his alt money spread definitely has this.
If dev stops, 2 more will appear, like hydra.
SE effed up by doing bad dev job and only they can fix that security vulnurability
Full layer 0 anti cheat for the pc client. I was on board before and now I can't be convinced otherwise.
@@jakkandjing it has nothing to do with anti cheat, it's SE's infrastructure exposing data PUBLICLY that the plugin consumes. Even if SE adds vanguard type anticheat to ffxiv, they'll make a separate standalone app that can do the same thing. SE needs to change what kind of info they expose to public.
tbh they have to do a lot more. possibly persue legal action, cause those ppl already have a database with over 900k characters logged since dawntrail. if you played dawntrail, you are already comprimised. dont know how SE is gonna scrub all that data from the malicious actors.
@@jakkandjing 1) SE knows that a sizeable amount of their playerbase uses cosmetic/QoL mods that aren't "cheating" and I highly doubt they would want to risk losing that source of money when the game has been losing other players.
2) Like Winlith said, the source of this problem is SE having data that by all rights should be private openly available for anyone to exploit, and anti-cheat isn't completely foolproof.
@kungfuvoodoo9889 At this point I don't care. I want all mods and plugins banned. Paying player base leaving be damned. If the player base drops enough that the game is unsustainable without mod players so be it.
The thing is, it's already released into the wild. Even if the main download is removed, it's too late. This is only something SE can address by fixing their data security.
Please note, even though the github has gotten banned, there are already forks.. Someone else already pointed out this in the comments, the main source may have been blocked but its the fact that the forks are already out and active.
Breaking news. The Github for the Player Scope plugin was closed and locked by the Github staff for violating the Github terms of service. If you pull up the plugin site you can confirm what I'm saying here.
Removing the GitHub doesn't really do anything since it's open source and anyone cloud've forked it.
Probably an automated ban on github's part because of mass reporting. There's a chance it might go to appeal because it's likely debatable if it's something that actually violates github TOS.
thats nice but the ppl who downloaded will still have access to it i assume?
@@cereal9285 and still has done more than SE xdd
Automated bot response due to the volume of reports. The plugin itself violates no actual TOS for GitHub.
Can't wait to sell something on the market then have some psychopath spam me all day for losing them 1gil.
The good thing is that this won't affect 99% of xeno's community. Because we don't even play the game xffing
Yep actually unsubbed last month
xff only remaining players are those weirdos treating this game as a dating simulator / Second Life
@@GlorpShakey found the incel 😂
@@GlorpShakey the mentally ill side of the game lol
What incel my guy, the cat girl that jerks you off at the club is a 38yr old balding dude@@yeahnahmate7
Who wants to bet that someone, at least a single soul, at SE pointed out during development that this was going to happen but shipped it anyway because they decided to trust on their players' good will?
May have been related to the corporate hierarchy. Obviously the west is in no way immune to such things, but that shit is very pronounced over in Japan. I don't know the company culture at CBU3, obviously, but that's my assumption.
I'm not familiar with mods and plugin on FF I know they work differently then wow but isn't this basically a data breach for SE? like most of this information should only be known between SE and the player but now all this information is known to everyone that uses this plugin
its public knowledge already like usual the community is bored cause dawntrail sucked immensely an are fishing for any drama they can to occupy their boring lives. is it bad ? yes it is but its also not a new occurrence. this game has always had baby tantrum throwing players in it or perverted weirdos you find out quickly who they are they aren't hidden or hiding themselves at all.
if people looked up your lodestone profile they would already see everything like this plugin does minus the alt characters. but to combat that the developers gave people the ability to hide your profile stats an such. an the blacklist features were also created because there was a plugin doing it so devs just wanted to make their own version of it in good faith that the players would see that they do care about what features matter to them etc
I'm someone that has been tracked down due to a market board battle.
This was a while ago and I'm pretty sure wasn't related to this plugin - they tracked me based on my retainer naming conventions, my lodestone and a site I had granted access to my lodestone ID. I'd also joined that site's Discord. They sent me an in-game tell and then admited how they had tracked me down and sent me a Discord DM. I was unnerved, but they explained their process of tracking me down, apologised and we reached a (somewhat) peaceful resolution. I've since ensured my discord does not link to any RL information.
This plug-in debacle is very concerning and a massive oversight on SE's end. My point is - people could track you WITHOUT a plug-in like this, but the idea of this being widespread is very scary.
you'll always fall back into a pattern, that's human nature, so at some point you'll fall back into a pattern and people can recognize patterns.
i've pissed off a lot of people so i'm kinda amazed that this never happened to me.
i repeat from a previous video comment: the more i hear about stories like this, the more i hate the ff14 community
Why do we need to consider this person as part of the community and not some weirdo doing stupid creepy shit that the majority of the players (which are part of the community) denounce this type of shit?
Stop enabling weirdos by putting them into a group. Single them out and make them the creep.
To be fair the bald man is more likely to cover bad stuff/drama. 99.9 percent of the community just want to dress up their catgirls and enjoy the story.
lo
Yeah this is definitely 100% of the community. /s
I can't help but think of the kind of brainrot that can lead someone to hear something like this and think it's specifically an ffxiv thing. Like cool, you can hate, but you, like everyone else, only found inside what you yourself brought in.
⚠ Beware! There's a FFXIV Streamer that pees on sinks⚠
😂
I bet a dollar if you go to their discord to opt out, they need/get your info TO opt you out. So they get you info either way...
Providing your information to the community that develops/uses this kind of plugin is the last thing you'd want to do if you care about your privacy
Can playerscopes devs be sued for this kind of opt-out thing?
Y'all think SE will do something about this, but it took them 10 years to adjust the blacklist in response to complaints of stalking.
The update did nothing to stop the stalking, it just made it so YOU can't see it's happening.
SE does not, and has never, cared about it's players.
There used to be a plugin that would tell you what duty had popped when your roulette queue popped, so you could just not accept the duty if you didn't want to. For example, you queue for leveling roulette, it pops, you see that it's Aurum Vale, you back out. The game used to send the duty information to the client BEFORE you accepted the duty, and that plugin grabbed the data for you. SE changed it so that the client would not receive that information before accepting the duty, therefore breaking the plugin. There is a historical precedence for SE breaking a plugin ON PURPOSE by changing what information is sent to the game client.
@@KZorander it's also with Deep Dungeon, they used to send everything to the client, including floor layout, trap locations, chest locations (and contents)
there was a cheat program that would read this data and visually add it to your screen (kinda what plugins do now, but back then Dalamud didn't exist, so it was something different)
SE changed how that worked and now all of that remains server side, no idea how SE will navigate this, but it'll be a bit different though.
They especially never cared for non JP players.
20:00 kinda sad that this guy got ratio'ed
the solution to this is to anonymize player data for blacklists and make it server-side and send that data encrypted and start suing people who break the encryption (because that's a violation of US federal law).
yep, an encryption or just not make your client deal with this, this was never an issue before the new BL system, the fact that the new BL system requires all of this information so that it can also BL the alts is the main issue.
the moment it enters your client is when you can manipulate it, so they need to avoid that.
And even if they tailor the IDs to your specific client, it only raises the difficulty a bit, but not by much. You've got plenty of other known information sent to you to use (like, for starters, their name at that point in time) for establishing some certainty in linking up with prior observations.
There's some other things they can do to obfuscate, like changing ID numbers on character renames rather than reusing them, but as long as a stable identifier is sent to you for a whole account, someone determined to build this kind of player profile will have a very easy job doing so. The only reliable fix is moving friend and blacklist to the server.
Inb4 Yoshi P shuts down all plugins just due to this one
If that's what it takes, I hope so. SE should not make this data available to begin with
True. All it takes is 1 Renegade Modder or User abusing a Plug-In like this to collapse the entire use of 3rd Party Add-Ons like a Jenga Tower. I agree, this will literally force SE to do something. If they don't, this game will lose players a lot faster than what the Dawntrail did.
Definitely screams cybersecurity issue at hand because this can even go a step further if one uses their creativity to do more with it. I agree this plugin shouldn't exist and the sad part is people don't care about it until it happens to them sort of issue.
its plugins in like this that are ruining our chances to get the devs to consider plugins seriously
No? It's because third-party programs and plugins are huge security risks and can alter the game experience in an unintended way. They don't like plugins like this for this very purpose. They never had a chance to be taken seriously and NEVER will.
@@nhedd0s839 pluggins been grey area cause it gives pc players advantage over console.
plugins will never be taken seriously in japan as its against the law...
It's funny how FFXIV is reaching a point where addons/plugins are both keeping the game alive and killing it at the same time. The complete lack of action and clarity about the subject is pretty amusing.
The game is already losing players for other reasons. Trying to address anything about plugins/addons right now would only make it worse, no matter the path they choose. I guess that's the price for taking things for granted for so long now.
this isn't even because of the plugin, the plugin just revealed the massive flaw, which the flaw always existed since it was added.
the biggest issue here is that SE's new blacklist system sends all of that data from the server to the client, and the client then filters out based on your blacklist (to save on cost)
what ended up happening is kinda how ACT works, ACT doesn't directly interface with the game, it detects the network that FF14 uses, reads it and then shows it in readable format.
that's literally what the plugin does, it detects the pakket responsible and makes it readable. (this can also be done with other programs unrelated to FF14, such as Cheat Engine and Wireshark, even if FF14 actively detects and stops working when detecting these 2 programs or any other program doing this on your machine, other machines can also detect the network activities from your machine, but even then, if someone really really wants to, they can just setup an VM and play FF14 on that, while running Wireshark on the main PC while monitoring the network activity from FF14 that runs in the VM.
So far the only thing that's been done is the original thread discussing this being deleted from official forums.
It's a black market thing, even if it gets banned and taken down, they will find a way to bring it back.
This is one plugin that SE needs to crack down on. Either break it on the backend or sue the dev and perma ban them.
Food for thought: the plug-in cuts both ways. This would out any harassers on their alts as well. For example, if you ran Lionel through that thing, it would show all his alt characters. So harassers beware...not as hidden as you thought.
what goes around comes around
I wouldn't put it past deranged stalkers to buy another account just to keep their real one hidden
Im very curious how or if SE responds to this ngl. Cuz the fact they couldnt see this coming is actually insane
I imagine they're probably going to consider adding an anti-cheat because of this. Sure people are going to pitch a fit, but this is what happens. It's a nuclear option but it'll likely be for the best.
Yeah like surely they employ cybersecurity staff lol
This is like having a regular everyday person walk into a police precinct and access the criminal record database. This is power that should only be meant for Square.
The problem with "opting in" is the root problem remains. ANYONE can make a plugin like this because the data to do so has been made readily available. If this plugin makes it so that you have to opt in ANOTHER plugin can just do the same thing this one is doing.
The only true solution is that SE must fix the problem on THEIR end and not make personal information freely available to the game client.
Source code is now public, so its irrelevant what the original dev does going forward as the framework is there for someone with a little knowledge to take that code and make their own modified version. The only solution is SE intervening.
The opt-out form makes me really feel like this is made for data phishing to sell people's data. Once you provide their email, they can locate your name and sell just info off. I'd rather have the virtual stalking than willingly provide data brokers my information easier than it already is.
There’s already a stalker thing, it’s called the lodestone LOL. that alone is info on your character that’s way too public
😂😂😂😂
I remember reading about improved blacklists, thought, "Hmm, somehow I think this is going to go bad, couldn't tell you how", saw that old reddit post about it sending info client side, and was like, oh, yep, there's the first boot. This is the other boot.
Man, I remember someone in the FRU cheating video getting pissy with me when I said "SE needs to grow a pair" in regards to plugins. I'm sitting here now, feeling incredibly vindicated because I knew it was only a matter of time before some weirdo would do this. The modding community at large, whether they want to admit it or not, created this monster so now they gotta stop it.
Granted, I'm taking a break until the next update. Democracy is calling my name in Helldivers 2 and I gotta hunt monsters in February
Could be worse I suppose they could attach your real name to your friend's list and the forums like blizzard once did. X.X
One good thing that can come out of this is with malicious players you want to avoid or not rejoin your FC, you can see if their alt is attempting to cause more harm. Data collection is neutral ethically speaking, it can be used for good or for bad.
You know what would be funny, if Dalamund made it so if it detects someone using that plugin it sent a report to SE that they are breaking TOS (using mods and plugins), and would result in that user having their account possibly flagged and or banned.
Okay, but lets not pretend that FF14 doesn't have a stalking problem, even without mods/plugins.
The blacklist/ignore system is a joke. You can't see them or what they say but they can still see you and what you say? They can still player search for you, look up your lodestone, etc. (My friends and I tested it.) So...I think square needs to worry about it on their side of things as well.
but people will always be able to stalk you, but being able to basically remove them from your life is the best way to do it. in the end why does it matter that they can see what you say, if they can never reply to you or talk to you ?
Great content my king, all hail Baldicante
May chaos take the world!
I mean, I hate undercutters to the point where I don't list stuff sometimes, but good lord!
This might be the thing that finally crosses se's line.
Wouldn't be such a stalking issue if SE made Friend Lists mutual, rather than you staying on their friend list after removing someone.
How it's taken nearly ten years to figure out how to do that is beyond me.
At this point I wont be suprised if Yoshi goes out with a dissapointed face and says" No more mods, we gonna add anti-cheat"
Will be pleasantly surprised. SE needs to grow a pair.
All these rules about being nice to eachother, yet they are this relaxed with data security. Pretty embarrassing for SE
If they do it's over
Thing is, they could push a lot of content fast, but instead of reacting to the current moment or making more content for next patch as priority, they will focus on creating the content for the next expansion, while having similar content packages for every 0.X patch like they have in the past. It sucks, but they use the same formula for every content patch and expansion and there is no surprises.
Chiming in as someone from the D2 community regarding game devs suing plugin devs.
It's totally doable, and in our case, Bungie won lawsuits against cheat software devs; while not all plugins are cheating, the tl;dr for that lawsuit was more the third-party devs violating TOS and IP rights.
Squenix can take action against this one dev legally, I'd presume; the question is both if it is worth it to go after the dev/s, and if this will end up opening a can of worms where Squenix (considering the official stance on plugins) decides to go all nuclear and maybe sue Dalamud.
With stuff like this and cheating. I'm really starting to count the days until SE introduces some kind of anti-cheat to XIV. It would be bad because it would hurt people who use costmetics mods, but if some people can't appreciate the state we're in now and have to use plugins like this. Sorry, but that's too much.
Oh no, not stop the erp cosmetics mods! Good riddens
14:15 100% agree. What worse is that even if you removed the ID numbers, it's still creepy as shit. Why do you need to know my alts, retainers, etc? Seriously, why do you need to know that? It's like you said it's a stalker tool. It serves no purpose. This isn't some better version of the friends list. They literally said they just want the data. But fucking why? Are you going to sell it? Are you enabling stalking?
I feel like someone is going to get hurt before all this is said and done. If I can get your account ID, what's to stop me from getting your address? What's to stop me from taking this IRL?
It's fucking sick.
The only use case I could immediately see from any of the info from the plugin used is with the plugin Visibility and its Voidlist, which even then wouldn't need to share details with the actual end user. It could link it in the backend to make it so you cannot see any of the associated characters of an account. The Voidlist essentially being the blacklist on steroids, making even their character not render alongside blocking messages from their character. This is meant to allow you to disable bots, harassing, or annoying players from even being visible to the user, and I could definitely see an argument to allow it to extend to accounts as then even if a harasser made a new character it wouldn't be visible to their target but I don't see value in an account being able to be used as an extreme lookup where you can track where others are doing.
This is the sort of shit that is going to get all mods banned. we can't have nice things anymore like just aesthetic mods, someones always gotta go out and ruin it for everyone else
Not gonna happen, game would die almost immediately. It's a sad reality.
??? They're already banned. Having mods is a bannable offense. Hello????
@@nhedd0s839 in practice no - square doesent enforce that clause of their terms of service on anyone outside streamers - never did , its only there to prevent legal trouble in japan cause their laws dont allow mods or plugins
@vtbbbnk these rules have been enforced before. A Twitch streamer was previously banned for using mods to more or less set an example. Try talking about mods in general chat in-game. It's still a bannable offense regardless of how you twist it.
@nhedd0s839 did i mention = they only enforce it on streamers lol- talked about mods in game multiple times before both in fc chat , in say chat and even across two different data centers , was on crystal ,
where everyone freely discusses mods and after 2023 on dynamis the dead dc = no ban because square doesent give a fuck about enforcing their no mods allowed clause for anyone except famous streamers and once in a lifetime hey just so we dont run into legal trouble with japanese law public show off ban that everyone forgets about afterwards
Could you be as kind to -hide- the info you pull up?
Blur it in your youtube vid?
It's bad enough that this plugin is there because some dude wanted to know who undercut them.
I saw someone I know in there... and that means, you're spreading their info over youtube now.
I'm sure other folks don't like it either.
It may not be very useful info, but a lot of people have had problems with stalkers ruining their gaming experience for them.
This encourages the stalker behavior.
Between the Friend list not being two-way removal and the bizzare state of the lodestone character links, stalking was already bad in FFXIV. Its why I left the game after so many years. This new addon is just the icing on the cake.
When you blacklist someone, the blacklisted person just doesn't appear for you anymore. The blacklisted person can still see you...
SE didn't even make a good BL feature. If we disregard the other bad stuff they changed.
I never understood this either lol why would they allow the stalker to still follow and see ur character, it literally makes no sense lol
Why would I need to join their discord to 'opt out'? Wouldn't I be able to just stop using it by uninstalling? Why the opt out part???
The data is out there. Released. No SE change can make that go away. And it's all of us. Over 750K characters are logged in a database.
i will probably just get written off as a "Modbeast" (if thats the worst thing i get called in my life id say i had a good life) but everyone screaming to just ban mods has very little understanding of the harm that would cause. Cause A i would not solve the stalker problem and B it would hurt the game. It may not outright kill it but it would be a noticeable dip in revenue from players that would quit just like that.i know people that don't even mod but would quit on principle alone for there being an anti cheat. Square as company cant afford that right now. There struggling on a finical level and 14 is pretty much keeping there head above water and plugs are huge factor to why people are keeping the subs going.
You don't have to be modest, it would absolutely kill the game. It's no secret that a good 80% of players use at least some kind of mod whether it be simple glamour stuff, raid related or the whole red flag.
@@chef416 you are a 100 percent correct.
this plug in. does explain how many players know EXACTLY where to go the second a streamer starts streaming, and also how they get harrased in game when playing off stream
21:27 this is fearmongering, chatter is not thinking.
this functionality in a plugin, while possible (the reason dalamud advises against 3rd party), would have to be hidden for obvious reasons. Which is impossible in an open source plugin, which means if you installed a closed source unvetted plugin - the only way something like this can fly under the radar - you deserve the bad results.
When i saw the title, I thought this was going to operate just how most games do, getting logon alerts and seeing location, like what is just built into most games. No this takes things way further.
So, I have had full on stalkers in XIV.. for a l o n g time. It's absolutely terrifying and scary. I don't understand why people would do stuff like this ):
Ignore them and move on. If you're letting someone else affect your enjoyment of the game, then maybe reevalute why you're playing the game. The internet is full of ppls who do shit like that. There is literally nothing they can do to you in game that you should be allowing to affect you irl. If you think otherwise, maybe seek some help. Its literally just a video game.
Gonna ask a question that might have an obvious answer but I'm asking it anyway, what classifies as a "stalker" in this game? You can set yourself to busy and blacklist/ignore people and they literally can't do a single thing to you anymore. I once had a guy send me weird/creepy messages after a PvP game, blacklisted and never saw them again, am I missing something?
@ you hit the nail on the head with this, and I agree completely. Anyone being "stalked" can do numerous things to ignore their "stalker". Im not condoning the creation of this plugin, cuz yeah it is pretty creepy and highlight some real issues with on the backend of the game. But at the same time, its kinda on the person being stalked to take measures to straight up ignore the stalker in some way shape or form. Acting helpless and letting someone get to you in a real way inside a video game takes a certain amount of acceptance which can easily be negated in multiple ways.
@@mokustabby4865 Spoken like someone who has never had to deal with anything like this. It's not a matter of "letting" anyone do anything. When someone follows you and harasses you almost every single moment you're logged in, tell me how that won't affect your experience with the game. You're trying to hang out with your friends, they're there. You're trying to do quests, they're there. You're crafting, they're there. Tell me how that won't affect your enjoyment of those things. You need to stop putting responsibility on the victim for being hurt by things meant to hurt them.
@@mokustabby4865 yeah, that's my issue nowadays when people say "FF14 has a stalker problem"
I could understand pre-DT due to how it worked and you could still see that person and they could actively annoy you.
now if you BL someone, they just dissapear, like they never existed to begin with, not just that character, but every character that guy has on the account.
this plugin just exposes how SE tried to cut corners by making the client do most of the processing work instead of doing this server side.
Most embarrassing community award.
I say this is just the beginning. There will be more malicious plugins coming in the following years. Once players truly realize that they can literally do ANYTHING without limitations or rules being set, then that will lead to serious chaos. It is time for SE to adjust their stance towards mods and plugins and finally get the playerbase in line again.
wait a sec.... we can finally track the active playerbase counts with this actually, kinda interesting as a proof of concept
But Question. If I have my whole lodestone privated aka every option set to hidden and I’m erased from lodestone search does this still show me?
Apparently it doesn't, but this is what I've heard from a person I'm in an FC with
it still shows you. even if you opt-out from their google doc, it doesnt fully erase you. theres nothing you can do about it until SE fixes this, even then not really cause they already have the data.
DB一部公開されたようです crystal
Terrible plogon, but the only good I could see that could come of this is finding people making alts to start drama/pretend being someone else (This happens alot on Faerie) to like... re-friend their friend group to either stir trouble or just relive that new friend high (super weird). Not saying that its a good plogon, just engaging in the convo. Ff14 players stay normal challenge, it truly is content draught.
my tinfoil had started rattling when you talked about this, imagine someone being able to get to your account information, login and and pw and stuff, might also be able to get to your buy history and payment informations, which could mean that they can get into your bank account... not sure if that's possible, but in my head that's the next step somehow
no they couldn't worse they could do is get your card info which can be blocked almost instantly
That's fearmongering not tinfoil. You won't get compromised this way unless you install something dodgy yourself, which you're warned fairly about if you use Dalamud.
I mean, yeah it's ok if you use 3rd party for cure your skill issues in-game like DoT tracking, mech learning, rotation learning etc. BUT when u make mod, where only MOD USERS can set their data to private it's LITERALLY makes advantages that applies on community. HOW, as a PS5 player, I can prevent myself of data gathering??? I know that this info can't help get my account stolen (I hope so), but it's so weird when u got dm about your alt when you are on your main acc.
While I personally dont have any concerns, I only use one character soo no alts to track. I still see no reason to need this info and any reason that comes to mind is a negative
one thing i can think about as for it beaing good is for club owners to be able to know the alts of people who they banned from a club due to their behavior other then that nothing else good and this dosent even comes close to beaing a good enough reasone for this plugin to be created
Those people could easily make a new account and bypass this all together. The only people this benefits are weirdo stalkers
At this point just make a plugin that automatically stalks the person you hate, gee
AutoStalk is being coded as we speak
PC players get all the good stuff. Honestly makes me kinda wanna switch to PC now.
Not you openly admitting to being a mentally unstable loon
lmao how funny would it be, if FFXIV mobile is the FFXIV killer XD.
it probably will be
To be fair, it was stupid of SE to send ID's without crypting it and make it work server side, it's the basics of every single *WEBSITE* not even programs or apps, which usually require the same level of security, they were asking for this kind of trouble.
I was talking about this with a friend of mine who told me and I quote: "I learnt at Uni about client-server differences and the fact you MINIMISE the amount of data on the client." If that isn't showing SE's incompetence, I don't know what will. This went through planning, designing, implementation, testing, AND QA... and nobody picked up on the issues?
@@MN35A don't forget that SE had this issue in the past with other things.
For example there was a plugin that could see what duty you would get BEFORE you accepted, so if you didn't like something (for example Alliance Raid and you see Dun Scaith, you could just withdraw)
Also Deep Dungeon had this issue in the past, where the server would send the client everything, map layout, monster locations, trap locations, chest locations, content of said chests etc.
so there was a 3rd party program (this was before Dalamud) that would basically parse this to your screen, so you could see through the walls where each monster, chest, trap was and basically the entire floor was instantly displayed. (they later on made this information all server side, that's why trap plugins are unreliable, it can try to "predict" but never 100% accurately show you, since traps are there, but only the server knows this till it's too late)
The FFXIV playerbase should not be trusted with this information 😅
SquareEnix made this kind of data available? Pretty crappy and irrisponsible
people have not seen real botting problems lol, xiv botting is nothing
Yea even if someone bought 10 billion gil it would just be like okay and?
How do you know something have too much free time
When they create a plug-in to stalke everyone
Anyone found with it installed should just get a permanent ip ban from the game.
...you are aware you'd get banned anyway regardless of what plugin used if you get found out?
you are also aware that an IP does nothing right?
if i'm permanently IP banned, guess what I can do, I can call my ISP and tell them that during a livestream I accidentally opened a website from a viewer and it exposed my IP.
within 5 minutes my IP is permanently changed, it's that easy (let's not forget VPN's)
But also, if your next action is "hardware ban!"
sure, let me fire up my VM (plenty of tutorials on how to make your VM take everything from the actual PC in terms of hardware, except that it's then brand new hardware and that isn't banned)
I think there is a misunderstanding of the end goal. I know it won't stop 100% of people and that there are ways around it. I also know about the existing rules related to plugins. What I'm suggesting is making it such a chore if they do get caught that it at least disincentives it to where less people will bother in the first place. The devs just need to rework the system itself to no longer allow obtaining the data in the first place.
@@ZaestraXD they can stop the bleeding for starters at least and then shuffle everyone's account ID around to make the old data irrelevant when they search those old account IDs.
that should "mitigate" it at least, they can also make this data be server side instead of client side, the reason they made it client side is so that your computer/console has to do the heavy lifting, instead of the server. (which with doing this every single player out there can be quite taxing I guess)
But instead of making your client send to the server "I got X, Y and Z on my blacklist" and then the server tells the client to filter X Y and Z, the server just sends everyones character ID and every other information and then let's the client filter it out locally, which is just piss poor.
for example, years ago when PotD was the only Deep Dungeon, everyone was client side, floor layouts, treasure locations, hoard location, traps, monsters etc.
so the server send this data instantly to the client, some 3rd party tools intercepted this and parsed it on your screen live.
they then made it server side instead, so the game still knows what floor layout it is, where the mobs are, but all of this information is send when required.
for example if you open a chest, the moment you open a chest, the server tells the client what is in that chest.
if you're coordinates hit a trap, the server will tell the client "you hit an explosion trap" and then blow up.
I guess that's why it sometimes feels like traps move in Deep Dungeon? i've had it a few times where I stand still and then trigger the trap, guess it can be the server telling the game I hit the trip and then it triggers a bit later.
I hope square takes it down
Couldnt this plugin also potentially have been used defensively? At the very least it seems like it could be used to parse out creeps who pretend to be a friendly on one character someone might be friends with, who often switch to alts on same account to be two-faced or predatory on another character with potentially the same 'friend' or others, with the victims none the wiser.
I suppose it could be good for Free company recruitment if your looking for specific rolls or whatever,
Or if your doing some sort of social research on the game
still a bit weird tho
I know YoshiP loves Ultima Online but its okay to make a game with better code than it.
imagine having the skill set and data to make an addon like this and NOT just making a better/accountwide friends list? guy is nuts, esp if the MB undercutting is rhe reason for all of it. I don't like undercutting, but unfortunately it is the nature of a community run market.
Damn I'm on console, so I guess I'm fucked.