Open Screamer27 opened 10 months ago
Yea, I kinda took it as obvious that the use of this software is at your own risk, but added it to the readme of both projects just in case.
When it comes to your JWT token, you can rest assured that I do not have it and it doesn't get logged or stored anywhere in the server.
In fact, you can get access using an old JWT token via cookies stored locally on the browser, so not on the server. I find it very practical to have a cache and not have to reset the token each time.
I think the best solution is to ask for a public API! So, have you really been banned from the game @Screamer27 or did I misunderstand? It'd be funny if Embark Studios banned such a ridiculous action when there are so many cheaters in their game without getting banned.
Edit: I don't speak English very well, so I apologize if I make mistakes or use awkward phrasing, and the same goes for my comprehension.
> In fact, you can get access using an old JWT token via cookies stored locally on the browser, so not on the server
Cookies are not a local thing and they are fully visible to the server. My point was not only about storing the data on the server side but operating with the private data that is collected in a prohibited way in any sense to get rid of any responsibility of what will happen with the user account later.
There are not many reasons to have a questionable solution if there is a simple currently working alternative to collect json data and display the stats without worrying about some technical private data.
> I think the best solution is to ask for a public API!
Would be great to have this! But for some reason they decided to make it private for now. Maybe they will turn it public later and the author will have an already working solution for it without any risk.
> So, have you really been banned from the game @Screamer27 or did I misunderstand? It'd be funny if Embark Studios banned such a ridiculous action when there are so many cheaters in their game without getting banned.
I have not been banned yet for this but as I said previously, the way of intercepting the traffic and transferring the data to some different resource is obviously not allowed by the game Terms of Service. I don't think that having a good intention by using prohibited methods will be a good argument if their anti-cheat software will decide to ban you because it found some suspicious actions. Also, making a request with a token to get the stats from a different machine/IP that might be related with different multiple accounts (some of them might be account of cheaters) does not look safe.
Still, it is up to you to use it or not. Good that the project page currently has a warning for users so they are acknowledged about this.
> Edit: I don't speak English very well, so I apologize if I make mistakes or use awkward phrasing, and the same goes for my comprehension.
Don't worry, you are totally fine.
I'll chime in my two cents here as well.
For me, it was self-evident that usage of this application is at your own risk and the security concerns were even written in the docs and I initially implemented JSON for that exact reason. Although I think it is unlikely that Embark would ban anyone using this software as it is not easy to detect, the risk remains. Your initial comment made me realise that it doesn't matter what I write in the docs, people will do things without understanding what they are doing. That's why I've removed the JWT token entirely from the project and am currently in the middle of moving the parsing logic from the backend back to the frontend.
For the future, I don't think I'll bring back the JWT authentication as it doesn't get me closer to my goals.
Hey, the possibility to track stats is really cool because in-game info sucks a lot! Still, I am sure that it is definitely not allowed by Embark Studios because of the way how you track it. I tried to launch all of that to track the info and got totally terrified by leading my account to be banned for this. I can not revert it so now I just sit and am afraid of consequences.
There is a need to intercept traffic and push a fake SSL. I opened their rules and I found many points from the Terms of Service that clearly prohibit the thing that you suggest users to do. Also, you save the personal user's token on your side which is not really a good thing to be responsible for because it could be used for different in-game operations like using the shop and so on.
Don't you think there should be some notification for users that they do this at their own risk and this is not a fully "legal" way to track stats? Usually such projects' authors abdicate responsibility and notify users that they are responsible for compliance with terms of service and possible consequences.
Imagine that some users will be banned and all of the accusations will be directed to you as a developer of this software. I don't know if you care about that or you are just a typical cheats-developer and there is already a lot of illegal stuff behind your back but even from the ethical point of view there is a need to warn your users about possible risks.