Risk to be banned about the-finals-tracker HOT 4 OPEN

I'll chime in my two cents here as well.

For me, it was self-evident that usage of this application is at your own risk and the security conserns were even written in the docs and I initally implemented JSON for that exact reason. Although I think it is unlikely that Embark would ban anyone using this software as it is not easy to detect, the risk remains, your initial comment made me realise that it doesn't matter what I write in the docs, people will do things without understanding what they are doing. That's why I've removed the JWT token entirely from the project and currently in the middle of moving the parsing logic from the backend back to the frontend.

For the future, I don't think I'll bring back the JWT authentication as it doesn't get me closer to my goals .

from the-finals-tracker.

Yea, I kinda took it as obvious that the use of this software is at your own risk, but added it to the readme of both projects just in case.

When it comes to your JWT token, you can rest assured that I do not have it and it doesn't get logged or stored anywhere in the server.

from the-finals-tracker.

In fact, you can get access using an old JWT token via cookies stored locally on the browser, so not on the server

Cookies are not a local thing and they are fully visible to the server. My point was not only about storing the data on the server side but operating with the private data that is collected in a prohibited way in any sense to get rid of any responsibility of what will happen with the user account later.

There is not much reasons to have a questionable solution if there is a simple currently working alternative to collect json data and display the stats without worrying about some technical private data.

I think the best solution is to ask for a public api !

Would be great to have this! But for some reason they decided to make it private for now. Maybe they will turn it public later and author will have an already working solution for it without any risk.

So, have you really been banned from the game @Screamer27 or did I misunderstand ? It'd be funny if Embark Studios banned such a ridiculous action when there are so many cheaters in their game without getting banned.

I have not been banned yet for this but as i said previously, the way of intercepting the traffic and transferring the data to some different resource is obviously not allowed by the game Terms of Services. I don't think that having a good intention by using a prohibited methods will be a good argument if their anti-cheat software will decide to ban you because it found some suspicious actions. Also, making a request with a token to get the stats from a different machine/IP that might be related with different multiple accounts (some of them might be account of cheaters) does not looks safe

Still, it is up to you to use it or not. Good that the project page currently has a warning for users so they are acknowledged about this

Edit : I don't speak English very well, so I apologize if I make mistakes or use awkward phrasing, and the same goes for my comprehension.

Don't worry, you are totally fine

from the-finals-tracker.

In fact, you can get access using an old JWT token via cookies stored locally on the browser, so not on the server. I find it very practical to have a cache and not have to reset the token each time.

I think the best solution is to ask for a public api ! So, have you really been banned from the game @Screamer27 or did I misunderstand ? It'd be funny if Embark Studios banned such a ridiculous action when there are so many cheaters in their game without getting banned.

Edit : I don't speak English very well, so I apologize if I make mistakes or use awkward phrasing, and the same goes for my comprehension.

from the-finals-tracker.