Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Risk to be banned #5

Open
Screamer27 opened this issue Jan 5, 2024 · 4 comments
Open

Risk to be banned #5

Screamer27 opened this issue Jan 5, 2024 · 4 comments
Labels
documentation Improvements or additions to documentation

Comments

@Screamer27
Copy link

Hey, the possibility to track stats is really cool because ingame info sucks a lot!
Still, i am sure that it is definitely not allowed by Embark Studios because of the way how you track it. I tried to launch all of that to track the info and get totally terrified by leading my account to be banned for this. I can not revert it so now i just sit and afraid of consequences.

There is a need to intercept traffic and push a fake ssl. I opened their rules and i found many points from terms of services that are clearly prohibit the thing that you suggest users to do. Also, you save the personal user's token on your side which is not really a good thing to be responsible for because it could be used for different in-game operations like using the shop and so on.

Don't you think there should be some notification for users that they do this on their own risk and this is not a fully "legal" way to track stats? Usually such projects authors abdicate responsibility and notify users that they are responsible for compliance with terms of service and possible consequences.

Imagine that some users will be banned and all of the accusations will be directed to you as a developer of this software.
I dont know if you care about that or you just a typical cheats-developer and there is already a lot of illegal stuff behind your back but even from the ethical point of view there is a need to warn your users about possible risks

@Swackles Swackles pinned this issue Jan 5, 2024
@Swackles Swackles added the documentation Improvements or additions to documentation label Jan 5, 2024
@Swackles
Copy link
Owner

Swackles commented Jan 5, 2024

Yea, I kinda took it as obvious that the use of this software is at your own risk, but added it to the readme of both projects just in case.

When it comes to your JWT token, you can rest assured that I do not have it and it doesn't get logged or stored anywhere in the server.

@gaspard-lebaube
Copy link
Contributor

gaspard-lebaube commented Jan 6, 2024

In fact, you can get access using an old JWT token via cookies stored locally on the browser, so not on the server. I find it very practical to have a cache and not have to reset the token each time.

I think the best solution is to ask for a public api ! So, have you really been banned from the game @Screamer27 or did I misunderstand ? It'd be funny if Embark Studios banned such a ridiculous action when there are so many cheaters in their game without getting banned.

Edit : I don't speak English very well, so I apologize if I make mistakes or use awkward phrasing, and the same goes for my comprehension.

@Screamer27
Copy link
Author

Screamer27 commented Jan 6, 2024

In fact, you can get access using an old JWT token via cookies stored locally on the browser, so not on the server

Cookies are not a local thing and they are fully visible to the server. My point was not only about storing the data on the server side but operating with the private data that is collected in a prohibited way in any sense to get rid of any responsibility of what will happen with the user account later.

There is not much reasons to have a questionable solution if there is a simple currently working alternative to collect json data and display the stats without worrying about some technical private data.

I think the best solution is to ask for a public api !

Would be great to have this! But for some reason they decided to make it private for now. Maybe they will turn it public later and author will have an already working solution for it without any risk.

So, have you really been banned from the game @Screamer27 or did I misunderstand ? It'd be funny if Embark Studios banned such a ridiculous action when there are so many cheaters in their game without getting banned.

I have not been banned yet for this but as i said previously, the way of intercepting the traffic and transferring the data to some different resource is obviously not allowed by the game Terms of Services. I don't think that having a good intention by using a prohibited methods will be a good argument if their anti-cheat software will decide to ban you because it found some suspicious actions. Also, making a request with a token to get the stats from a different machine/IP that might be related with different multiple accounts (some of them might be account of cheaters) does not looks safe

Still, it is up to you to use it or not. Good that the project page currently has a warning for users so they are acknowledged about this

Edit : I don't speak English very well, so I apologize if I make mistakes or use awkward phrasing, and the same goes for my comprehension.

Don't worry, you are totally fine

@Swackles
Copy link
Owner

Swackles commented Jan 7, 2024

I'll chime in my two cents here as well.

For me, it was self-evident that usage of this application is at your own risk and the security conserns were even written in the docs and I initally implemented JSON for that exact reason. Although I think it is unlikely that Embark would ban anyone using this software as it is not easy to detect, the risk remains, your initial comment made me realise that it doesn't matter what I write in the docs, people will do things without understanding what they are doing. That's why I've removed the JWT token entirely from the project and currently in the middle of moving the parsing logic from the backend back to the frontend.

For the future, I don't think I'll bring back the JWT authentication as it doesn't get me closer to my goals .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
documentation Improvements or additions to documentation
Projects
None yet
Development

No branches or pull requests

3 participants