Idea

[Siсiliаn Ноundd]

IP's change not as often as Keys but change non the less. The thing is IP's I have noticed keep the same 4-5 first same numbers. So why not base a Nickname registration off that?
(The IP below is made up & just for a example.)

This is how we currently register nicknames, use the non steam key and make a really long password so they can't get access to the Admin account and only get the nickname protection that comes with a Administration account.

Code: Select all

Admin 2Tuff4Muff~123456~1~password

Now IP's look like this 98.256.35.3. But the first 4-5 numbers stay the same on a IP. For example when you put 0's in your IP after a certain number then the IP means everyone with a IP that starts with 98.256.00.0 or 98.256.30.0

Code: Select all

Admin VSj~98.256.00.0~1~Password

So if I register IP's like this do you think it could become a problem? Or maybe another way to do this with a IP?

[Laika]

ID based on incomplete IP looks unreliable to me. I don't think there are any practical means of tracking Steam players with dynamic IP.

[Siсiliаn Ноundd]

Sad, well back to the drawing board.

[trickser]

Now IP's look like this 98.256.35.3. But the first 4-5 numbers stay the same on a IP. For example when you put 0's in your IP after a certain number then the IP means everyone with a IP that starts with 98.256.00.0 or 98.256.30.0

Code: Select all

Admin VSj~98.256.00.0~1~Password

The Admin option of dedcon does not work with IP adresses at all. KeyIDs only.

Look, at some point I tried to achieve exactly the same, protecting steam user identities, but I abandon the idea. Just like Laika said, there is no reliable way.

But I have an idea you might like. How about making name protection a feature so worthwhile you have to pay for?
What do I mean by this? Easy, everbody who wants his name protected has to own a non-steam version.

Defcon is basically on every game distribution platform on the internet and often it comes with a Steam-Key AND an ordinary Key. But you really have to make sure before buying, usually it is marked with DRM-Free for an ordinary Key.

GOG.com : $7.99
Desura.com : $11.49
IV Store: $15

And there are often discounts or bundles to make it cheaper.

8 bucks is really not too much to practically own a screenname.

[VSj]

The Admin option of dedcon does not work with IP adresses at all. KeyIDs only.

Look, at some point I tried to achieve exactly the same, protecting steam user identities, but I abandon the idea. Just like Laika said, there is no reliable way.

Sicilian, just like I've told you. You don't believe me?

In theory though... We talked about this a little bit with trickser already. If the dedcon output log was to be parsed in real time, we could perhaps create a mechanism for a Steam user to identify h(im|er)self with the "bot" before the game starts so that a dynamically created Admin config could then be included with the Steam users current keyid in case the identification succeeded.

I've not tested this but from what I remember I think the dedcon's already present /login command could be exploited. It doesn't show the login attempt publicly and therefore keeps the password relatively safe but the attempt however gets logged with the pasword so it could be grabbed with an external script that would then query a user database, update the current key for inclusion in the admin conf etc.

Admin conf would probably need to be loaded at a static point in time. Game start maybe? I think the "scripting capablitities" in dedcon config don't allow one to trigger an inclusion from the chat without logging in. Would the late included conf then even rename impostors to fake retrospectively? I'm not at all sure.

Edit: No... wait, it wouldn't necessarily need to be an included config file and the thing I said about triggering include commands is probably wrong. I'll have to experiment a little.

Now I'm not saying it's necessarily worth implementing. Has the name abuse gotten out of hand? But anyway, any thoughts, improvements, discussion?

[VSj]

Edit: No... wait, it wouldn't necessarily need to be an included config file and the thing I said about triggering include commands is probably wrong. I'll have to experiment a little.

Yea. Pipes work just fine.

[trickser]

The identity problem has basically 2 modes of failure.
1) A user who does not own a name uses it anyway (the imposter).
2) A user who owns a name fails indentification and gets threated like an imposter.
You really need to avoid both reliable to not make the thing an annoying joke.

a dynamically created Admin config could then be included with the Steam users current keyid in case the identification succeeded.

I've not tested this but from what I remember I think the dedcon's already present /login command could be exploited.

That is a nice idea, I did not think of before.

But "a dynamically created Admin config could [...] be included [...] in case the identification succeeded" does not stop imposters from using the name, only avoids failure 2.

To avoid failure 1 you would need to include a static Admin config and then override it later* by a dynamically created one (in case of a positive identification). But then you can't use /login for identification as the user will never be in possession of his name before using it to identify.

You would need to give every user a 2nd login he has to use in order to get the rights for his real name. Maybe adding

Code: Select all

Admin Senator~123456~1~password
Admin fake Senator~~1~password

the faked name would do it, tought.

Would the late included conf then even rename impostors to fake retrospectively?

Don't know either, but I know ForceName works that way. I mean it can be used at any time to rename a user by the server.

*Dont actually know what happens if dedcon gets 2 contradicting Admin lines, but they certainly don't just get overriden.

[VSj]

1) A user who does not own a name uses it anyway (the imposter).

To avoid failure 1 you would need to include a static Admin config and then override it later* by a dynamically created one (in case the of an positive identification). But then you can't use /login for identification as the user will never be in possession of his name before using it to identify.

You're right. I left a lot out of my first post.

What if the identification process depended only on a password? So I could be a NewPlayer on Steam saying "/login someLongAndNever2BLeakedPassPhraseHere" meaning "hey, bot, here's my passphrase, by which you know who's keyid to change in the DB" The parser would identify me as VSj and override the initial (previously created?) Admin directive with my current keyid. Then I could rename to VSj.

Perhaps better: I'd write the name in the password too. Like "/login VSj thatpassphrasehereagain".

What about the steam keys then... Can a key I have today be given to another player in the future? That would be bad.

[A8U51V3 M0TH]

whats the point of this again.

to protect the "nicknames" that people like to use so "imposters" can't use them? Since when has a nickname been a copyright issue? Sweaty Phallus is Fxxxing insane this is a game that is so close to "abandonware" and he is talking like using someones preferred nickname is a form of identity theft. Its all about control not making things better, i can see him now meddling with scripts thinking hes all clever. But this issue is bit like Facebook telling drag queens they have to use their real names rather than their stage names - if people want to pretend to be someone else just let them it makes no real difference, people pretend they are me all the time and i couldn't give two hoots. Sweaty phallus why don't you just get a real job?

oh yes he uses ignore function so he probably cannot read this.

[VSj]

whats the point of this again.

I don't think it's necessary. I'm rather interested in discussing hypothetical methods of implementation.