web dracat
•
made:
internet-ti.me, @Watch, Wayback Classic, etc.
•
avatars appearing:
in 2D by nox lucent
in 3D by Zcythe
•
"If it were me, I'd have [changed] her design to make [her species] more visually clear" - some internet rando
•
I post embeds of other peoples' things at @ticky-reposts
I feel like this is a take I can only post on cohost but: the VRChat anti-cheat drama is pretty overblown
the vast majority of the stuff enabled by client mods is already enabled by recently-added features, and securing the client alleviates a real and actual problem in the space
what's the problem it's alleviating? I don't use VRChat lol, but I've always been a little fascinated by it
there are people using modifications for benign purposes, but there are those who are using it to be abusive, harass, or to be disruptive in many ways - you can read VRChat's own blog post about the changes for more details
Hmm. I mean, I'm definitely not on the VRChat team but like...what's securing the client going to do that hardening the API wouldn't also do, without being invasive to my computer? Why is the client trusted to such an extent that problems like this arise? I feel like this is the easy route for the dev team, and maybe it should be applauded that they're taking the steps they can to shut down these problems, don't let perfect be the enemy of the good, etc etc, but it doesn't feel great even so.
I don't really think there's any good reason to argue that this isn't an acceptable step for them to take. EAC is pretty lightweight as anticheat goes; no persistent process, no weird rootkits. Patching the API wouldn't prevent stealing credentials, or turning your local machine into a botnet node, would it? Some of the information being leaked is necessary for the client to work, but is obviously not intended to be collated, stored or transmitted by a third-party for stalking.
Is it really going to prevent that information gathering though? EAC is designed to prevent modification of the client and its working memory, but would it prevent another app with system permissions from reading its memory? That's not usually an attack vector for games. I suppose you could probably implement wall hacks that way if you were sufficiently dedicated.
Well, that's probably enough from me lol, I'm clearly significantly out of my depth. It's probably a little idealistic of me to expect that the client space for something like this to be even as open as Twitter, let alone early internet chat. Not like those things don't have huge harassment problems of their own lol
would it prevent another app with system permissions from reading its memory?
I am not sure, but it does mean it's much harder to do, as you will be looking at raw memory rather than the data structures within .NET code.
read over the post and i have mixed feelings on this change — on the one hand getting rid of griefers is great but on the other hand as someone who has used mods in the past for QoL tweaks it’s not an ideal solution imo. i feel a good compromise would be to do something like Halo MCC or VAC does — have a separate setting that allows you to play the game with mods but only on unprotected servers. that way the groups of friends who want to mess around with mods can still use them, without bumping into players who don’t use mods.
yeah, and in as much as that could be possible, it would split the player base and likely not actually reduce the support burden they incur from misbehaving modifications, and worse, not actually prevent the things that steal accounts, harass, and grief others
I see no reason they couldn't someday add sanctioned mod hooks which are safe (i.e. not DLL-level injection stuff) to enable QoL tweak stuff, but it's all a balancing act of the time it takes to accomplish such a thing versus the need to reduce that burden and risk to users in the immediate term
The thing is the fact that they’re looking to monetize stuff (which isn’t necessarily bad to me, people buying avatars in world rather than on gum road is the most obvious way of making money they have as a company, and just makes sense), but the job listing for digital economy person did explicitly say crypto experience was a plus, which is kinda ominous.
also if they intended to use blockchain they wouldn't need anti-cheat, right? because blockchain? checkmate
What’s extra funny about this to me is how it literally took me ten minutes to transfer a version of my avatar over to ChilloutVR when a bunch of folks from my VRC meetup group started talking about going there. So it turns out the much lauded metaverse idea of taking stuff you’ve bought and moving it to other games is real and no NFTs are involved.
