Eco Servers need to authenticate on start

[johnkslg]

1. Eco servers should authenticate with our auth servers on login. Unlike clients, servers can authenticate unlimited instances for a single account.
2. Clients should verify the server is authenticated upon connect.
3. This change will be rolled out over time, giving server hosters time to setup authentication. That is, for a week or two players will still be able to login to non-authed servers, and it will display a message that the server wasn't authed and that it will stop working on date X.
4. Clients will automatically detect pirated servers as follows:
   • Clients will expect every other user on a server they login to to have an authentication verification token associated with them.
   • Clients verify each token is legit and represents a user logged into the current server, with our auth server
   • If the user isn't legit, it flags the server as 'allowing pirate clients'

This change is for a few reasons:

• Allow us to ban servers that are allowing pirated clients
• Allow us to ban servers from our server browser that are breaking terms of service (advertising cracked server, etc).

If there are current trusted server operators that dont have a paid Eco account, we can manually give one to them as thanks.

[elfl0rd]

As a result, you will create a great inconvenience to both large and small hosters. And the pirate servers have been and will be.

Clients will expect every other user on a server they login to to have an authentication verification token associated with them.

Hello lags and increasing network traffic on busy servers.

Yes, a separate greeting to the complication of server configuration for those who want to run the server for their friends. After all, if he does this from a another machine, he will need to buy the eco again.

I didn't think Eco's user base was that big for such experiments.

p.s. Even more fun is the fact that the pirate version we have now is version 0.8.1.4... How do I understand this change you want to break the support of older versions? Which is still quite a lot.

[D3nnis3n]

This is pretty much a non-issue, a lot of steam games do the exact same thing and hosters have learned how to deal with it for a long time. It won't impede servers on older versions either, as those will not use the system. Even if it did, it wouldn't be a biggie for me, as we actually do not support old version of Eco officially anyway.

I don't think it's something that should be quashed into 9.0 as i prefer to get that big thing released and then have a good planned rollout of this, so i'll mark it as push candidate.

[elfl0rd]

Of course it is. But with <1000 people online during the day, intentionally making it harder to build a server and creating additional problems for Steam users is not the best idea.

[D3nnis3n]

I'm personally not sure why that is needed at all, the RequireAuthentication option was removed and there surely is a different way to ban specific servers from the masterlist by just entering their IP or dns in a blacklist.

[elfl0rd]

I'm personally not sure why that is needed at all, the RequireAuthentication option was removed and there surely is a different way to ban specific servers from the masterlist by just entering their IP or dns in a blacklist.

Agree. I google it, actual cracked version is 0.8.1.4...

In my opinion, the option of generating an ID based on hardware and providing it to the master server should be good. (without a license binding). This will make it easier to block "unacceptable" servers.

But I'm against binding the server to a license. I've seen a lot of examples, and I see that it's mostly causing problems for players, not pirates.

[caltheon]

Why was RequireAuthentication disabled. not being able to play on my own computer without being online steam is a huge bug and not what I paid for

[D3nnis3n]

RequireAuthentication was a option intended for developing. It was never intended to be used by players, given it allows players with illegal copies of Eco to play on those servers easily. This is not a bug.

[D3nnis3n]

We're not aware of any multiplayer functionality needing to be restored? If you have issues with something, please reach out to our support at support@strangeloopgames.com, but this is the wrong place. Also, asking for what seems to be workarounds to security measures or other things are not tolerated here.

The measures in this issue haven't even been implemented yet - whatever issue you might have is a different one.