Mainlog.html reveals too much sensitive information

[Yekaterina]

Dear Devs: I would like to draw your attention to the contents of the file mainlog.html. It reveals too much personal data of the players, for example their IPs and the entire chat history of the lobby and each server. The information inside can be abused, for example one could see the enemy chat in real time or trace the real life locations of players, hence violating their privacy.

I would suggest not writing these information directly into Mainlog.html, perhaps encrypt the IPs somehow so that it is not so easily readable. Alternatively, store these data in a more discreet location and delete it as soon as it is not needed.

@rossenburg @Norse_Harold

[alre]

it shouldn't be that difficult to only send chat messages to the intended recipients, to read and log.

I don't see much use in hiding players' IP until we get the much awaited headless host server.

[vladislavbelov]

JFYI hiding something just from mainlog.html won't make the game more secure, only a bit more complicated for abusers (because of the code compilation). Your goal should be done somewhere on the network code side (maybe to not send enemy chat at all, but what should we do for observers? An abuser can open multiple clients). Though you can't truly hide host IP from clients without expensive (at least for us as an open-source community) server infrastructure.

[rossenburg]

3 hours ago, vladislavbelov said:

maybe to not send enemy chat at all

agreed this should be a major concern for now i think

[Yekaterina]

The password of users is also stored in user.cfg and mainlog.html but scrambled. I'm suggesting using the same scrambling algorithm on the IP addresses.

[G.O.A.T]

@HelicityYou are almost there. Next step is to close source code otherwise any changes won't help. That said It is impossible to expect 100% security.

There is still possibility to read data directly from memory... If you have access to your pc there is no way to hide it..

 

The real problem is network stack / no encryption of exchanged data. No trustworthy HOST of the game. Only if wildfiregames would host games it could ensure some level of privacy is kept. 

 

Otherwise some G.O.A.T will arise (not talking of me, it was just funny hypothetical example) but could be easily YOU.

 

 

Edited April 19, 2023 by G.O.A.T

[hyperion]

2 hours ago, rossenburg said:

agreed this should be a major concern for now i think

Even then, the one hosting still gets all messages.

 

3 minutes ago, Helicity said:

The password of users is also stored in user.cfg and mainlog.html but scrambled. I'm suggesting using the same scrambling algorithm on the IP addresses.

Scrambling ip address, so the mainlog can be posted as-is is somewhat reasonable, but it won't help at all to prevent users to get the ip of peers.

 

The question is are you willing to pay for playing online, if there are enough such user then having dedicated servers might be an option. Then some "cheating" can be fixed, notably the quit rated game one.

[Yekaterina]

54 minutes ago, G.O.A.T said:

That said It is impossible to expect 100% security.

There is still possibility to read data directly from memory... If you have access to your pc there is no way to hide it..

 

The real problem is network stack / no encryption of exchanged data. No trustworthy HOST of the game. Only if wildfiregames would host games it could ensure some level of privacy is kept. 

Agreed, even so, we could still intercept all network data using packet sniffers and some other techniques. However, having a layer of encryption would prevent a large number of less tech savvy users like me from seeing people's IP. So far I haven't figured out how to decrypt the passwords.

 

[G.O.A.T]

3 minutes ago, Helicity said:

Agreed, even so, we could still intercept all network data using packet sniffers and some other techniques. However, having a layer of encryption would prevent a large number of less tech savvy users like me from seeing people's IP. So far I haven't figured out how to decrypt the passwords.

 

Decrypt password? The communication to lobby server is secured via TLS layer. User password is by default encypted. or we are on different level of understanding?

[Yekaterina]

Just now, G.O.A.T said:

User password is by default encypted.

Yes, inside the mainlog.html and user.cfg the passwords are displayed as a string of alphanumerical gibberish. I haven't been able to convert this string back to the correct password.

I am suggesting we apply the same scrambling algorithm to the IP addresses that are displayed in the log. In other words, TLS encrypt the IP before writing it into the log.

[G.O.A.T]

1 minute ago, Helicity said:

Yes, inside the mainlog.html and user.cfg the passwords are displayed as a string of alphanumerical gibberish. I haven't been able to convert this string back to the correct password.

I am suggesting we apply the same scrambling algorithm to the IP addresses that are displayed in the log. In other words, TLS encrypt the IP before writing it into the log.

Understand security by obscurity - for fools to feel safe... 

 

 

[MarcusAureliu#s]

21 minutes ago, G.O.A.T said:

Understand security by obscurity - for fools to feel safe... 

 

 

Are you biased bc it will make it harder to identify smurf accounts ? xD Given all the mistakes maybe you should use it as a more advanced method though 

[G.O.A.T]

6 minutes ago, MarcusAureliu#s said:

Are you biased bc it will make it harder to identify smurf accounts ? xD Given all the mistakes maybe you should use it as a more advanced method though 

I already gave interesting ways how to strengthen security. Interesting -  people just interested in personal attacks.. yes it is very normal to overlook important thing and focus on bias.

Edited April 19, 2023 by G.O.A.T

[Silier]

1 hour ago, Helicity said:

Yes, inside the mainlog.html and user.cfg the passwords are displayed as a string of alphanumerical gibberish. I haven't been able to convert this string back to the correct password.

No its not. Its hash of the password you enter in game.

If you would use another client to connect to the lobby, you would use this exact string as password.

 

Communication is secure only if you have not disabled tls in options.

Edited April 19, 2023 by Silier

[Yekaterina]

1 hour ago, G.O.A.T said:

Understand security by obscurity - for fools to feel safe... 

It's not 100% fault proof but it doesn't need extra costs and human labour as opposed to WFG hosting all of the games. It is a compromise, a temporary one.

What you are suggesting is good, but I am not sure how much will centralised servers cost compared to people hosting on their own machines.

There is no absolute security as soon as you are connected to the world wide web. We can only find compromises to maintain reasonable levels of privacy and security.

 

[Yekaterina]

2 minutes ago, Silier said:

hash of the password

Perhaps we can hash the IP address as if it is a password?

 

[Stan`]

A hash is non reversible. (That's kind of the point) So you wouldn't be able to use hashed IPs for anything else than comparison with other hashed IP. You could cipher it, but you'd have to send the password to everyone that needs it.

Hashing it or not logging it would achieve the same result, though.

[Guest]

On 19/04/2023 at 3:40 PM, G.O.A.T said:

I already gave interesting ways how to strengthen security. Interesting -  people just interested in personal attacks.. yes it is very normal to overlook important thing and focus on bias.

 

@G.O.A.THow can you mention "bias" here? it's the basic laws about privacy. I would pay to see you arguing "it's for a wall of smurfs" in front of a judge.

Many people care about their privacy and didn't consent their IP (and then Geoloc/DNS/ISP data) to be stored forever and reused in any way, especially, for this kind of purpose.

 

BYW Can someone in the community release the so-called darkcity mod and then we could have a debate about the legal implications for all its endusers?

 

More globally we would never forbid a player to get the IP by design as it's peer to peer. I'm unclear if it could be hidden in all APIs exposed for mods.

The true issue is that just parsing a basic log is too simple. Anyone can exploit this mistake.

 

We basically have to use VPN at a cost of not entering many games just because of a few spies who ignore (or doesn't care about) the laws.

Then plain IP in log and @G.O.A.T's bias wouldn't be a big deal.

 

It would be great if the community can check the port forwarding issues when using VPN solutions like Proton.

Edited April 24, 2023 by rm -rf

[Guest]

On 19/04/2023 at 3:11 PM, G.O.A.T said:

Understand security by obscurity - for fools to feel safe... 

 

 

Learning laws by lawsuits @G.O.A.T ? to let us play 0ad anonymously

Edited April 24, 2023 by rm -rf

[Yekaterina]

4 hours ago, rm -rf said:

port forwarding issues when using VPN solutions like Proton.

I've tried Proton VPN before but it's slightly dodgy on Linux and it does require email sign up. The speed is quite high; the bypassing ability is mediocre but the client is quite a burden. You might be able to protect yourself from other 0ad players but you are not exposing yourself to the VPN provider.

 

4 hours ago, rm -rf said:

Can someone in the community release the so-called darkcity mod

Darkcity claimed that he does not know programming at all and is hence incapable of creating such a mod. I don't know to what extent he is honest about it, and whether someone else wrote the codes and Darkcity "stole" their work without citing them. Someone definitely has it though, because a moderator knows its existence. However, even after digging on the forum, I couldn't find any relevant post.

 

4 hours ago, rm -rf said:

The true issue is that just parsing a basic log is too simple. Anyone can exploit this mistake.

This is exactly why I made this topic, and I would like the devs to do something about it. All in all such sensitive information shouldn't be so easily readable in the main logs.

Albeit scrambling, hashing, encrypting or just not writing down, please just make it less readable, thank you!

We can never stop those tech experts from hacking our IPs but at least it would stop an average user like me or Acero. Most people are just average users or complete noobs.

[Guest]

22 minutes ago, Helicity said:

Darkcity claimed that he does not know programming at all and is hence incapable of creating such a mod. I don't know to what extent he is honest about it, and whether someone else wrote the codes and Darkcity "stole" their work without citing them. Someone definitely has it though, because a moderator knows its existence. However, even after digging on the forum, I couldn't find any relevant post.

I wrote the "so called darkcity mod". It's called like this by several players and I keep the name unchanged.

If darkcity wants to complain, no problem, I will send him back the screenshots highlighting two different players calling his mod "darkcity mod".

My 2 cents:

• @G.O.A.Tcannot be honest in such topic as he keeps speaking here on behalf of his smurf 0ad forum account (funny isn't it ? no bias here?)
• this "kind of mod" doesn't ask for any programming skill.

I thought the wall of shame/smurfs was temporarily removed. A moderator had to look at it.

I would consider that this kind of topic shouldn't make laught any person responsible of the legal aspect of the game.

 

Edited April 24, 2023 by rm -rf

[Yekaterina]

Now regarding @G.O.A.T, I don't know who they are (or if they are a lobby user at all), but I think their smurf list is more on the joke side than a serious report. I have consulted @Norse_Harold  (the lobby moderator) and @MarcusAureliu#s (very knowledgeable on old players) about its contents, and both concluded that it's more of a trolling / attention-seeking / jesting act as opposed to a genuine effort to reduce misconduct.

This is evident in the fact that he makes very slow corrections or simply refuses to. In the case of @guerringuerrin, it has been proven that he does not have any duplicate accounts, but GOAT has decided to list him down as WilsonWilson and Xaiki. Even after he is asked to remove @guerringuerrin from the list due to the sufficient evidences, he just changed the colour of guerringuerrin to white instead of actually erasing him. This incident suggest that GOAT is not pursing factual accuracy, but an expression of their personal endeavours. His motive is further entailed in the quote:

Quote

I don't claim it is correct they are very subjective and based on many unreliable sources. 

implying that it's for entertainment and imagination rather than an investigation of any significant. Therefore we should keep calm and laugh at it rather than becoming emotionally disturbed.

I cannot determine whether GOAT is tracking anyone's IP at all solely from this list, as using mainlog.html does not leave any visible traces. I also don't even know whether he used the same IP tracking method as me at all. There are more sophisticated tools like WireShark that can trace IPs. However, the chance of him being a host or a frequent player or even a lobby maintainer is high, as the lobby is the way to find player's IPs. He also has to care about the lobby games enough to risk lawsuit to write and defend such a list.

[Guest]

With all my respect @Helicity, I think you over-interpret it.

It's built as a wall of shame and It's basically explained as a way to discredit the people in the list.

The main argument would be "to balance TGs".... Reset the ratings and you would get better balance without any privacy cost.

 

@HelicityAs you wrote @guerringuerrinmentioned it's false and more or less nothing happened. Moderators?

Even with no bias, it can be easily considered as "a settling of scores". And many sentences in the page confirm this trivial theory. There is nothing objective in it. Content and form.

 

@G.O.A.Tbe courageous at least once and publish the code.

Then, from the code, we will review all legal aspects and how objective it's really, settling of scores or not.

Edited April 24, 2023 by rm -rf

[Yekaterina]

Today, I was able to see that Hokaido is the same person as Beethoven and Servicebedingungen. I used my ipextractor Python program to quickly search out the players' IP, and all 3 of these usernames were joining me from the same IP on the same port.

I had to do this because he disconnected due to lag, then joined in using different accounts as an observer, which allowed him to see the entire map  - an unfair advantage. The TG ended there due to his persistent poor network and after his cheating acts were exposed.

 

[Yekaterina]

2 minutes ago, rm -rf said:

The main argument would be balanced in TG

For me this is the only concern. If someone makes a new account, joins and claims to be of a different skill level to what they actually are, they will mess up the balance. However, I'm totally ok with Stockfish saying: "I change account brb" then coming back is Irland 5 seconds later, as I still know to treat this Irland as Stockfish and balance accordingly.

 

4 minutes ago, rm -rf said:

 

It's built as a wall of shame and It's basically explained as a way to discredit the people in the list.

That's certainly how some would feel. I cannot determine the intentions of GOAT, but it could be an expression of his jealousy towards all players who have beaten him or something. 

They put me in the same list as Yekaterina. I played four 1v1 games with her and I won 3 so I think I should be a bit better. Nevertheless, she is a good player and a very good teammate (like Wendy), so I can live with that.

My brother Landau-Lifschitz has not been included in the list. By IP methods, he should have detected activities from my brother and maybe even my father, so it's really shady what GOAT is up to right now.