Page MenuHomeFeedback Tracker

Players list , their names and information is now public even when RCON is protected by password
Closed, ResolvedPublic

Description

Since 1.13 update and the changes that were introduced to the RCON connection,
the information about the players is now open to the public, including their playtimes, durations of play and nicknames.
Websites like GameTracker and BattleMetrics now have full access to all of this info, without being provided with at least a permission and \ or a password.

This is a severe privacy violation.
What is the point in setting an RCON password, while websites offer free monitoring services and they have access to all this info without a password?

As a server owner, I cannot provide the minimal privacy support for my community while the information is available to 3rd parties anyway.

(Edit: rephrasing & removed the angry CAPS...)

Details

Severity
Major
Resolution
Open
Reproducibility
Always
Operating System
Windows 7
Category
BattlEye
Steps To Reproduce

Check any community server at GameTracker or BattleMetrics.

Event Timeline

Geez changed the task status from New to Assigned.Jul 23 2021, 12:51 PM
Geez changed the task status from Assigned to Reviewed.Jul 23 2021, 1:22 PM
Geez added a subscriber: Geez.

Hello tarkules.
This is completely unrelated to BattlEye and BattlEye related Rcon tools.
It is a Steam feature that is included in DayZ (And most of other Steam games).
https://developer.valvesoftware.com/wiki/Server_queries

Regards,
Geez

That's insane!

Is this a Steam requirement? Because if it isn't it would be best disabled for DayZ in my opinion.

How come it appeared in 1.13? Was it broken brefore?

Thanks!

Option added a subscriber: Option.Jul 23 2021, 8:04 PM

Tarkull, might I suggest making this in a private ticket and add the people subbed to it? dont need people to see ey >.<
But its a huge problem

mrdarn added a subscriber: mrdarn.EditedJul 23 2021, 10:48 PM

While I can,I'd like to add, I'd also like there to be a server option to disable this.

This is going to be a nightmare for certain people.

Its up to devs to go onwards here and make it private.
Good call on tarkules.
Or on tarkules himself deleting and making it private, and do the smart and right thing.
Or not.. Time is ticking

this is just normal public query information returned by game server, it always was there

aux7 added a subscriber: aux7.EditedJul 24 2021, 7:45 AM

this is just normal public query information returned by game server, it always was there

sure, but the A2S_player was not fully utilised/functional until now

it may be that as per CS GO which by default returns only max players & server uptime, we can add in "host players_show" set to "2" in the server.cfg

@Geez Can Bohemia confirm that this function would work in their cfg file? Or give us some other options to block this information?

thanks

Tarkull, might I suggest making this in a private ticket and add the people subbed to it? dont need people to see ey >.<
But its a huge problem

More people are going to look on Battlemetrics to see this info than on the feedback tracker lol.

But like Aux7 suggested, would be cool if we could prevent information like this from being shared

This ain't no bueno at all. There has to be a way to disable it.

tarkules updated the task description. (Show Details)Jul 24 2021, 4:30 PM
wouter.commandeur added a comment.EditedJul 26 2021, 11:14 PM

This got changed after 3 years. You can't hide behind "it was always there" Dwarden. And Geez can't hide behind "It's a steam feature". The reason this ticket was created was because it got changed with 1.13.

Progger added a subscriber: Progger.EditedJul 27 2021, 3:42 PM

Open your server firewall, create a rule and block this IP´ , ingoing.

Found 5 Pages what crawl the data, will update the list when i found them all.

167.114.219.233
51.79.45.167
142.44.175.123
51.222.127.205
51.222.127.206
51.222.127.207
195.201.29.128
208.167.241.187
108.61.78.150
108.61.78.149
149.28.43.230
45.77.96.90
212.227.202.239
93.90.205.119
82.165.160.53
82.165.99.18
212.227.201.72
82.165.109.134

Prob solved.

sileed added a subscriber: sileed.Jul 27 2021, 7:52 PM

Almost @Progger , do you have IPs for serverranks.com?

will look for it...

Geez changed the task status from Reviewed to Acknowledged.Jul 28 2021, 1:09 PM

Hello everyone.
We have found out the possible cause of this starting to occur with the 1.13 version and we are currently looking into what can be done! I will update the ticket once I have more information I can provide.
We are grateful for all the feedback you have provided and we are working hard to address the issue.

Regards,
Geez

Geez merged tasks: Restricted Maniphest Task, Restricted Maniphest Task.Jul 29 2021, 10:11 AM
Geez added a comment.Jul 30 2021, 2:06 PM

Hello again.
We have deployed a fix on the experimental version released today.
Please check if everything is in order.
Regards,
Geez

aux7 added a comment.Jul 30 2021, 4:22 PM

it seems like it is working, I can see no player data at all when I was on my exp server

thanks for the fast response

Hello Geez,

Thank you for looking into this issue and for the quick response.

I performed a test with @aux7's help on an experimental server:

  1. The player information is now blocked again.
  2. We also noticed that the player count appears to be now blocked as well.
  1. We also noticed that the player count appears to be now blocked as well.

Where are you not seeing Player Count?
I can see player count just fine on the official Experimental servers:

aux7 added a comment.Aug 1 2021, 6:47 AM
  1. We also noticed that the player count appears to be now blocked as well.

Where are you not seeing Player Count?
I can see player count just fine on the official Experimental servers:

We are not seeing the count on battlemetrics

During this period shown, I, Tarkules & another player were online

Riddick_2K added a subscriber: Riddick_2K.EditedAug 3 2021, 5:46 PM

And what would the "problem" be? Do you know that on the net and with the PC we are all tracked in all possible ways? I understand when you have to do a "personal" search on the net, for this there is TOR and various PlugIns for Firefox, but for video games, being afraid of "being tracked" seems to me something out of this world... pure paranoia.
The vast majority of FPS servers distribute information about the players present, and I'll tell you it's a very useful thing that I always use. I cannot open the PC (I have one dedicated only to video games, with various HD for "type" of video games: each has all the O.S. optimized for that video game) and load an O.S. just to see if there is anyone on the servers that interest me and who... that's absurd.
And...
I have always evaluated the various video games even from the active servers that I found on GameTracker (for example)
And...
For the Battlefield series I go directly into the Battlelog via Firefox from the main PC to see who is and where... and evaluate IF to open the PC from game or not... depending on who I find and where. It is an indispensable service. In fact, for Battlefield 1 (which I still enjoy playing) & BF5 (which is crap) not finding this information I play it very rarely...
Fortunately, on DayZ there is Battlemetrics, which gives some of this information... otherwise it would be a mess having to just open the PC, access the account, load the Game Browser ONLY to see some servers... then for those 4 shit info that from the official one (not even the exact number of players! But you can be so *, because this is deliberate, not a defect), luckily there is "DZSA Launcher" that at least give some more info.
And I'll tell you one more thing too.
And...
On certain versions of Battlefield there was the possibility to watch the game from the subjective vision of each player present in a server, which then... unfortunately... on new games it is no longer present... Even on Battlefield there are a lot of problems with cheaters, and this was a good way to limit the problem.
Even if the subjective vision was "server side" and not "client side" (you couldn't see exactly the player screen with the various cheat menus), but being able to see what exactly he was doing, you already had a more precise idea of "how he played ". This helped a lot to "pinch" those who played dishonestly

And this is a thing good and right

Now...
I understand that on DayZ, often, you want to play "hidden" to avoid getting caught "hidden loot" or "hidden bases"... but if you could implement such a thing, maybe "anonymous" or controlled directly by B.I. on some "sample" or "reported" players, it could at least greatly limit the phenomenon of "cheats"... but at least EVERYBODY must be able to know the names and Steam IDs of ALL the players on the server where they play... and maybe even before entering as a "precaution": I know a fellow countryman I have seen, but unfortunately not registered, use tricks... I know the server where he always plays and I avoid him like the plague... but I have met others "bitches", also from my country, that I blocked on Steam and Discord... and if I saw them in a sever I would gladly avoid them.
This happens in all "normal" video games, why should it even be "a problem" in DayZ?
I repeat:
Knowing the number and "real" names (with Steam ID attached) of ALL the players on a given server is all well and good... and I have often wondered why the B.I. he didn't do it right away... then I got to know better the game and these "programmers" and I understood why, unfortunately.
But invoking "privacy" to hide everything and everyone just seems like big bullshit to me which only helps cheaters... like they need it, on DayZ!

And is that why we don't even see the number of players on battlemetrics now? Good bullshit! Always trying to ruin this beautiful game by making it more and more absurd ... now even this pure paranoia!

Geez,
Thanks for this fix. Hope you continue on this road!!

mrdarn added a comment.Aug 3 2021, 7:20 PM

Excelent work!
Thanks GeeZ!

Just wanted to report back that everything's now back in order.
Third party sites are showing again only the player count, which is really great.

Thank you Geez & the devs behind the scenes for solving this issue so quickly and efficiently.

Geez closed this task as Resolved.Aug 9 2021, 3:34 PM
Geez claimed this task.