Advertisement
AUTH logged me in as a random player
No, I haven't touched my authkey
#24
Posted 11 November 2013 - 12:14 AM
I still dont understand it why its not a problem that the authnames are not the real authnames, guess im stupid but i gonna post the stupid problem -)
Example.
I play and i see my auth changes to NuB.
I know there is a regular player on that server with name/auth NuB
Now i change my name to NuB and i start cheating the obvious way.
There is no admin online, so the other regulars will demo me and post it on the server/clan forum. With a screenshot of who is cheating.
The admin will see the demo and draw their conclusions based on the demo, since they believe authnames are the real names.
When the real NuB comes on the server, he will be immediately banned by a admin. Or he is already banned by his logged ip before he can enter server.
Above way to ban players is pretty common.
But somehow FS tells me that there is no reason to worry?
Untill now most servers dont care to much about the auth-bans, most servers i play on have auth enabled but not forced.... But they do care about their own banning methods, and the extra feature (auth) is not helping them since auth is not working properly....
Example.
I play and i see my auth changes to NuB.
I know there is a regular player on that server with name/auth NuB
Now i change my name to NuB and i start cheating the obvious way.
There is no admin online, so the other regulars will demo me and post it on the server/clan forum. With a screenshot of who is cheating.
The admin will see the demo and draw their conclusions based on the demo, since they believe authnames are the real names.
When the real NuB comes on the server, he will be immediately banned by a admin. Or he is already banned by his logged ip before he can enter server.
Above way to ban players is pretty common.
But somehow FS tells me that there is no reason to worry?
Untill now most servers dont care to much about the auth-bans, most servers i play on have auth enabled but not forced.... But they do care about their own banning methods, and the extra feature (auth) is not helping them since auth is not working properly....
#25
Posted 11 November 2013 - 01:26 AM
Driller, on 11 November 2013 - 12:14 AM, said:
I still dont understand it why its not a problem that the authnames are not the real authnames, guess im stupid but i gonna post the stupid problem -)
Example.
I play and i see my auth changes to NuB.
I know there is a regular player on that server with name/auth NuB
Now i change my name to NuB and i start cheating the obvious way.
There is no admin online, so the other regulars will demo me and post it on the server/clan forum. With a screenshot of who is cheating.
The admin will see the demo and draw their conclusions based on the demo, since they believe authnames are the real names.
When the real NuB comes on the server, he will be immediately banned by a admin. Or he is already banned by his logged ip before he can enter server.
Above way to ban players is pretty common.
But somehow FS tells me that there is no reason to worry?
Untill now most servers dont care to much about the auth-bans, most servers i play on have auth enabled but not forced.... But they do care about their own banning methods, and the extra feature (auth) is not helping them since auth is not working properly....
Example.
I play and i see my auth changes to NuB.
I know there is a regular player on that server with name/auth NuB
Now i change my name to NuB and i start cheating the obvious way.
There is no admin online, so the other regulars will demo me and post it on the server/clan forum. With a screenshot of who is cheating.
The admin will see the demo and draw their conclusions based on the demo, since they believe authnames are the real names.
When the real NuB comes on the server, he will be immediately banned by a admin. Or he is already banned by his logged ip before he can enter server.
Above way to ban players is pretty common.
But somehow FS tells me that there is no reason to worry?
Untill now most servers dont care to much about the auth-bans, most servers i play on have auth enabled but not forced.... But they do care about their own banning methods, and the extra feature (auth) is not helping them since auth is not working properly....
Yes, every word of this.
I would like a more public announcement of this and if possible a greater explanation.
With people trading Auths there is a pretty significant communication breakdown somewhere that is a serious risk. If someone figures out how to break Auth on purpose, and even worse to specific targets, then Auth is a threat and not tool.
Please do not sweep this under the rug: if you do not make server admins aware of this situation, I do not feel safe about my Auth.
Nitro can only cuddle me for so long
[edit: disable AUTH server until fixed?]
<3
This post has been edited by beautifulNihilist: 11 November 2013 - 05:42 AM
Advertisement
#26
Posted 11 November 2013 - 08:45 AM
Fenix already answered your question 1 page back:
In other words you'll have to trust what the expert says is right :)
Fenix, on 04 November 2013 - 02:38 AM, said:
We can't answer such questions not because we are not capable of, but because our AUTH protocol MUST stay closed in order to work properly (and so the AC). I can tell you that what Nitro stated is 100% true.
In other words you'll have to trust what the expert says is right :)
#28
Posted 11 November 2013 - 07:59 PM
Yes, at this point we are not looking for answers.
This is a request for action.
Regardless of if the AC is mixed up with the Auth or not, THE GAME IS, and there is a player's-security issue that requires attention.
I will not be using Auth until it is addressed.
This is not meant as some kind of ultimatum, but you will not have my participation in Auth until it is fixed.
This is a request for action.
Regardless of if the AC is mixed up with the Auth or not, THE GAME IS, and there is a player's-security issue that requires attention.
I will not be using Auth until it is addressed.
This is not meant as some kind of ultimatum, but you will not have my participation in Auth until it is fixed.
This post has been edited by beautifulNihilist: 11 November 2013 - 08:07 PM
#30
Posted 13 November 2013 - 12:39 AM
At this point, I haven't heard of anyone using Someone Else's Auth on purpose.
But the way Auth has been touted as such an absolute identifying feature leads people to put a great deal of trust in it.
With all of the (understandable) pussyfooting around the details, we are not given a clear sign of just how much trust to put in the Auth system.
With Auth names getting mixed up, it is clear that we need to NOT put infallible trust in the logins and treat players similarly to 4.1, by paying attention to IP addresses; at least until whatever is broken is fixed.
My main concern is admin who don't know the situation and will take Auth names for clean and usable fingerprints.
I don't distrust that what the expert says is right; I'll buy that Auth and AntiCheat are not so synced.
But from my place where I am only given the information that I am allowed, I am not at this point able to trust Auth enough to login. There is more to consider than simply whether or not the AC is confused, (which is enough to consider anyway).
TOTAL SPECULATION:
The fact that there is something in Auth clearly broken makes it easy to believe there is a hole somewhere.
This is the internet where everything hates you and will destroy you just for fun.
If there is a hole in Auth that the Internet can find, it will use it to exploit and attack Auth names.
While I understand you can't tell me if this is the case or not, understand that I have to believe it is until I know it isn't.
<3
But the way Auth has been touted as such an absolute identifying feature leads people to put a great deal of trust in it.
With all of the (understandable) pussyfooting around the details, we are not given a clear sign of just how much trust to put in the Auth system.
With Auth names getting mixed up, it is clear that we need to NOT put infallible trust in the logins and treat players similarly to 4.1, by paying attention to IP addresses; at least until whatever is broken is fixed.
My main concern is admin who don't know the situation and will take Auth names for clean and usable fingerprints.
I don't distrust that what the expert says is right; I'll buy that Auth and AntiCheat are not so synced.
But from my place where I am only given the information that I am allowed, I am not at this point able to trust Auth enough to login. There is more to consider than simply whether or not the AC is confused, (which is enough to consider anyway).
TOTAL SPECULATION:
The fact that there is something in Auth clearly broken makes it easy to believe there is a hole somewhere.
This is the internet where everything hates you and will destroy you just for fun.
If there is a hole in Auth that the Internet can find, it will use it to exploit and attack Auth names.
While I understand you can't tell me if this is the case or not, understand that I have to believe it is until I know it isn't.
<3
1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users
Advertisement