In a discussion about the Bahro character "NotABeast" that has appeared in the game recently, Taghtahv made this revelation:

Tahgtahv wrote:

However, the fact that the other player on the account is OMGHaxxor is a bit more suspicious. (That character is also a bahro)

I asked how Tahg could know what other avatars were on the same account as NotABeast, and he answered in another message:

Tahgtahv wrote:

The source of that info is from a tool our team has made.

Maybe other people already knew about this, but it's news to me. I guess if you have alternate identities or avatars on the same Myst Online account, which you may have thought would be known only to yourself and Cyan - well, if you thought so (as I did), you're mistaken.

Though I appreciate that Tahg brought valuable information to light about NotABeast, I am disappointed to hear that some other players can find out the identities of alts.

_________________

MOULa 26838 | Prologue Video Project: On Hold pending Minkata support
Visit rel.to to explore Myst, Uru, and D'ni communities!

Well I think this outrageous and would like cyan to do something about it. Some kind of encryption or something to the vault. I do not want people using tools to check my account. The whos online tool is no problem for me. But this one should not be alowed and i am here requesting someone from cyan to do something about this.

_________________

• Meesem hevtee d'nee? Mees!
• Lena biv kenen erthbantee me Keelentee.

Marten wrote:

I am disappointed to hear that some other players can find out the identities of alts.

I am more disappointed that a player has been out’d in public.

I really do appreciate the efforts and concerns here for Cyan’s shard but this needs to go to Cyan first and only after Cyan’s consent released for public consumption.

_________________
semplers' shards

OMG! OMG! A haxxor AND a Bahro mentioned in the same post? That must mean that it's "Have a Cow Time" here on the forum!!! Wheeee!!!!!

_________________
~ semplerette

Might I add (and some people are probably going to kill me for all this), that both players on that account were Bahro. Yes, I can see what avatars are related. No, I will not post the association of any legitimate avatars here.

Well, if your hack works for one, why not try both?


Really, in part I'm surprised it's taken this long for everything to be done. I mean this sort of stuff must have been possible from the very start of prologue, and yet we only start seeing hacks like a person going as a bahro or a non-client online checker or a tool to dig up uids from the vault..

You guys *aren't* doing this for Cyan, right? You did it on your own and while you may have worked with them this was reverse-engineered right? Actually, I guess that's probably a non-topic for here, but oddly it'd make me feel better to find out it *was*.


Still, we haven't even seen the source and already we're digging into Pandora's box as far as doomsayers go for hacks and tricks. Go us!

(Next step is say finding a way to change our KI permissions and get custom python hacks to do things that persist or what have you. Just wait and see..)

_________________
You know, I wish we would learn Atrus loved the 1812 overture, and in turn we had a copy for our relto.
That's right, a canon canen cannon!

MOULa KI: #00027582
Welcome back all!

While we are working with Cyan, it is in the loosest sense of the term. Basically they have just given us an unofficial, it's ok to do what we are doing and to report any holes to them. They haven't given us any code. We've been working on this since November 2003 if that gives you any idea of what we might know.

Figured as such. It's good and bad in a way.. it's good that Cyan isn't the ones running around flinging out sourcecode to select groups and such, but bad that it's doable. Not like they secured this stuff I guess... it also means as I alluded to with a Pandora's Box bit that it's perfectly doable. The only thing you have over Joe Hacker is the fact that you've been doing it approaching a decade and have a head start.


Well, it's not like we could've kept the cat in the bag or something about what's possible. I'm just curious now how long before we see someone really fundamentally changing their MOULa client to allow stuff that we wouldn't otherwise... or hacking together a homebuilt equivelant.


But that's neither here nor there. While it is a bit worrisome that it's possible to dig up uids and find out by them who's whom, it's not like emails are stored with that and such, so all you know is if if the explorers belong to a given email.. so if you're so worried about people finding connections, use a handful of email addresses. Common net privacy, although if we're at the point you can find out by IP address connections all, without running the server itself or having access, then we have a problem.

_________________
You know, I wish we would learn Atrus loved the 1812 overture, and in turn we had a copy for our relto.
That's right, a canon canen cannon!

MOULa KI: #00027582
Welcome back all!

Gondar wrote:

Figured as such. It's good and bad in a way.. it's good that Cyan isn't the ones running around flinging out sourcecode to select groups and such, but bad that it's doable. Not like they secured this stuff I guess... it also means as I alluded to with a Pandora's Box bit that it's perfectly doable. The only thing you have over Joe Hacker is the fact that you've been doing it approaching a decade and have a head start.


Well, it's not like we could've kept the cat in the bag or something about what's possible. I'm just curious now how long before we see someone really fundamentally changing their MOULa client to allow stuff that we wouldn't otherwise... or hacking together a homebuilt equivelant.


But that's neither here nor there. While it is a bit worrisome that it's possible to dig up uids and find out by them who's whom, it's not like emails are stored with that and such, so all you know is if if the explorers belong to a given email.. so if you're so worried about people finding connections, use a handful of email addresses. Common net privacy, although if we're at the point you can find out by IP address connections all, without running the server itself or having access, then we have a problem.

The only problem i see here is for people that use IC and OOC characters and don't want people to know that its them. I actually created an IC character once but gave up on the idea. I'll ooc and ic with my main character depending on my mood. It's easyer. But it's bad for people who don't want to go and create more than one email and want several avies to be secret. I really think it's good they found out about this, but also think that if this was found then it should be fixed so it can't be access again.

_________________

• Meesem hevtee d'nee? Mees!
• Lena biv kenen erthbantee me Keelentee.

Oh, the only problem you might see.. but privacy here is a rather personal thing and views vary. Remember the furor about the simple fact that OHBot was programmed with the full list of KI numbers that was publicly available here on the forums? Even though anyone could look them up the fact that they were there in some bot's database freaked certain people out. (Personally I'm all for it and glad it was an added feature).

Something like this where people can look up alts? Batten the hatches and board up the doors and windows, it's the apocalypse again!

(Once more, the existence of bahro explorers adds to the signs of the four bahro of the apocalypse riding out spelling DOOM to the cavern! Horrors! )

_________________
You know, I wish we would learn Atrus loved the 1812 overture, and in turn we had a copy for our relto.
That's right, a canon canen cannon!

MOULa KI: #00027582
Welcome back all!

Gondar wrote:

(Once more, the existence of bahro explorers adds to the signs of the four bahro of the apocalypse riding out spelling DOOM to the cavern! Horrors! )

You... you... you mean they will be doing skywriting in the cavern...

_________________
Nalates - GoC - 418 - MOULagain: Nal KI#00 083 543, Nalates 111451 - Second Life: Nalates Urriah
Guild of Cartographers

Awww I just started making alters... bummer. I'm not going to make more. If people want to ruin the magic they can. I feel bad for my fiance though we share an account so people might start trying to claim she's me....

_________________


Thelonius "Prof" Higginsbottom

member of the Guild of Calamitous Intent

"I invented the term the Bevin Generation do I get a spot in Mystlore?"

Well, I wont tell. (Unless you have something like a Bahro on your account and then all bets are off) I don't usually give out info on normal players unless they challenge me to or otherwise ask for that info.

*Hurries to hide Bob the Bahro* No I have nothing of the sort Officer, no contriband

"What about-?"

Quiet Zeesha, Yeesha's twin sister!!!

_________________


Thelonius "Prof" Higginsbottom

member of the Guild of Calamitous Intent

"I invented the term the Bevin Generation do I get a spot in Mystlore?"

This sort of thing sure is... annoying. That's an acceptable word, though it falls short of my real feelings.

Close the hole, already! Don't just tell us that it's not being abused, how is that supposed to make me feel better? There's a gaping hole in security, but only nice people know about it?

_________________
"I visited Esher's lab and all I got was this lousy t-shirt."
VidRoth -- KI#50637