greyngo: Blacklist should make both parties unable to see each other. There is no reason it shouldn't do this, as it's meant to be a tool to reduce harassment.
The fact that there's an invisible person that knows where you are and who you are talking to, gives them more power.
Narlan1: You know it's bad when spider doesn't sound whimsical
TrueChaoSclx: Casual reminder that this was brought up as a potential exploit on reddit when Dawntrail released, and the person who raised the alarm about this was dogpiled for it.
BaghNakh1: How the blacklist system should work:
- Data no longer stored client-side
- BOTH players become invisible to each other
- If the blacklisted person has you on their friendslist, you get automatically removed from it.
- Blacklisted player can't see you on the "player search" list.
tigrinha: To be honest, as someone who works with programming, security people from any company would forbid me from announcing that 'something would change in code for security reasons'. The less info hackers have the better; they would tell me to fix this quietly and wait for the plugin to stop working.
MissyFuzz: Before anyone suggests it: No, nuking plugins or adding an anti cheat is not gonna fix this, anyone running Wireshark can still get the data. It's purely an issue on SE's end.
Besides, developing an anti cheat would take an insane amount of time, resources, money and maintenance costs just to get one to a semi functional state. It's not just running a .exe and that's it, it doesn't work like that. IF they ever chose to go down that route, an anti cheat would not be ready to be deployed until 8.0 at the very least, and that's being extremely generous.
Burred11: The problem with dealing with hacks/malicious mods/botting, in live service products such as FF14, is that you REALLY do not want to tip your hand as to what, how, and when you deal with it, to avoid giving the makers of said hacks or bots or mods the knowledge as to how they were caught and thus how they need to adapt.
The obvious way to not tip your hand is to not do public communication about it. Which does mean that anyone with a problem will feel completely ignored and overlooked.
azmakikian5400: Also, the plugin apparently had a function they could track player location in-game, allowing stalking on a beyond creepy scale. I agree, the plugin is an issue, but the root problem is how the paper-mache code of the game has been implemented and used.
AmaranHonda: Crazy how more than a decade of goodwill is going up like thermite during this Expac
esten_varlineau_cobain: The fact that unfriending someone doesn’t remove you from their friendlist is just way too weird. I've always found that weird even before DT. When I heard about the blacklisting update, I got really hyped and then immediately turned off as I read through it. It...didn't really solve anything? I didn't even know that the player you blacklist is still able to see you until now. What is Square doing?
jonny1494: when lil angry gets involved you know sh hit the fan
eidolonofmadness6729: I laugh out loud when they said going for legal action instead of fixing the root problem. Truly they don't understand the problem at all.
Osteichthyes: Welcome to the world of cyber security, it sucks. It's a perpetual game of whack-a-mole where you implement something and people break it, turning into a never-ending arms race because some people just can't help being shitlords. If you think you know how to make the problem solved and with no exploits, you don't. It's a multi trillion dollar industry for a reason.
Best solution is just go back to the old way and just let the player deal with their own security, or implement a server where everyone's blacklist is stored and parse every message through there (though this can be broken with some effort). It's not nearly as easy to fix as some people think it is.
mehbv: Thanks for the quick rundown man, it was probably faster than the intro to most of the yap videos about the issue.
derkuma: Additional: Deleting someone from your own friendslist should also delete you from theirs.
ShiMusume: Yea... this does not solve anything.
This issue isn't just the plugin creator. It is the fact that with this oversight this can be done again and again. Stopping one individual will not stem the tide.
That is like locking up one hacker for getting through a backdoor of your website and never increasing security. What could they be thinking?
Adorablybadmemes: THE FUCKING GARLEAN MUSIC BEHIND THE VIDEO KILLED ME AS SERIOUS AS THIS IS
evandavis5223: The only account ID your client should be able to see is your own.
LadyGoggles: this is ridiculous. as a community we deserve a better response and tighter safety standards.
Alcadria: Eh, they never go in depth as to how these things work or how they screwed up. They likely know, but they aren't going to admit fault until they've taken care of what needs to be done on their end. This is normal, half-responses that hide their true intentions until they feel the time is right and are confident that they can fix the problem. And in this case, broadcasting to the entire player-base that their player ID is transmitted to everyone they so much as catch a glimpse of in game is going to incite panic and fear, something they obviously don't want.
We should expect better, yes, but I will say that we should also expect each other to have a better grasp of the situation and the capability to look at things from another perspective. Nothing good is going to come from them saying "yeah, we screwed up and made it so that your account ID is given to every player you encounter," that would risk even more people making plugins and exploiting their error until it's finally fixed.
heartlacies: Finally, a recap video that isn't titled as "DRAMA!!!!" or some other clickbaity BS and is straight to the point.
navidryanrouf441: If we look at this from a more optimistic angle, the reason maybe the devs didn't mention anything about the exploit is to prevent news about it or its functions from spreading. I think they still intend to tackle this issue but without disclosing the details to prevent malicious users from being able to crack it easily.
TheRichman42: I'm not surprised. My understanding is it was very hard for the devs to make a change to the original blacklist problem. So the current situation is what they came up with and they may not be able to come up with another solution so soon. It's slapping a bandaid on the wound, yes, but I'm at least glad they're taking some action, and hope in time we will see more.
ReaperSigma: It's the whole Dawntrail effect right now, they are just hiding their heads in the sand
CineGoodog: I was not playing this game anymore and this incident only made my resolve stronger
cursix64: Too much focus on plugins; this account ID is also visible in the network traffic and FFXIV network traffic is NOT encrypted. So you could still sniff this data out without the use of plugins. Could easily have a 3rd party listening in on your wifi sniffing out your account info for example. This is an exploit in the game itself that needs to be fixed in the game.
Jan 29 2025