ticky

im in ur web site

  • she/her

web dracat

made:
internet-ti.me, @Watch, Wayback Classic, etc.

avatars appearing:

in 2D by nox lucent
in 3D by Zcythe

"If it were me, I'd have [changed] her design to make [her species] more visually clear" - some internet rando

I post embeds of other peoples' things at @ticky-reposts



I feel like this is a take I can only post on cohost but: the VRChat anti-cheat drama is pretty overblown

the vast majority of the stuff enabled by client mods is already enabled by recently-added features, and securing the client alleviates a real and actual problem in the space


You must log in to comment.

in reply to @ticky's post:

Hmm. I mean, I'm definitely not on the VRChat team but like...what's securing the client going to do that hardening the API wouldn't also do, without being invasive to my computer? Why is the client trusted to such an extent that problems like this arise? I feel like this is the easy route for the dev team, and maybe it should be applauded that they're taking the steps they can to shut down these problems, don't let perfect be the enemy of the good, etc etc, but it doesn't feel great even so.

I don't really think there's any good reason to argue that this isn't an acceptable step for them to take. EAC is pretty lightweight as anticheat goes; no persistent process, no weird rootkits. Patching the API wouldn't prevent stealing credentials, or turning your local machine into a botnet node, would it? Some of the information being leaked is necessary for the client to work, but is obviously not intended to be collated, stored or transmitted by a third-party for stalking.

Is it really going to prevent that information gathering though? EAC is designed to prevent modification of the client and its working memory, but would it prevent another app with system permissions from reading its memory? That's not usually an attack vector for games. I suppose you could probably implement wall hacks that way if you were sufficiently dedicated.

Well, that's probably enough from me lol, I'm clearly significantly out of my depth. It's probably a little idealistic of me to expect that the client space for something like this to be even as open as Twitter, let alone early internet chat. Not like those things don't have huge harassment problems of their own lol

would it prevent another app with system permissions from reading its memory?

I am not sure, but it does mean it's much harder to do, as you will be looking at raw memory rather than the data structures within .NET code.

read over the post and i have mixed feelings on this change — on the one hand getting rid of griefers is great but on the other hand as someone who has used mods in the past for QoL tweaks it’s not an ideal solution imo. i feel a good compromise would be to do something like Halo MCC or VAC does — have a separate setting that allows you to play the game with mods but only on unprotected servers. that way the groups of friends who want to mess around with mods can still use them, without bumping into players who don’t use mods.

yeah, and in as much as that could be possible, it would split the player base and likely not actually reduce the support burden they incur from misbehaving modifications, and worse, not actually prevent the things that steal accounts, harass, and grief others

I see no reason they couldn't someday add sanctioned mod hooks which are safe (i.e. not DLL-level injection stuff) to enable QoL tweak stuff, but it's all a balancing act of the time it takes to accomplish such a thing versus the need to reduce that burden and risk to users in the immediate term

The thing is the fact that they’re looking to monetize stuff (which isn’t necessarily bad to me, people buying avatars in world rather than on gum road is the most obvious way of making money they have as a company, and just makes sense), but the job listing for digital economy person did explicitly say crypto experience was a plus, which is kinda ominous.

What’s extra funny about this to me is how it literally took me ten minutes to transfer a version of my avatar over to ChilloutVR when a bunch of folks from my VRC meetup group started talking about going there. So it turns out the much lauded metaverse idea of taking stuff you’ve bought and moving it to other games is real and no NFTs are involved.