Site security (1 Viewer)

[Redbot]

We are 99% certain that the P99 staff are lying to players about their RMT detection methods. Last month, it was "Your seller is ratting you out!" as seen here:
http://www.redguides.com/forums/sho...r-RG-usernames?p=245278&viewfull=1#post245278

This month the GM's are claiming, "we have a moderator on redguides who can see your ip!!"

After extensive research, I can see why they'd want to create new lies each month.

Only two people on Redguides are given access to your IP information. Maskoi and myself. Neither of us play on P99, but we appreciate the community you guys have built here and are going to support you 100%. Also, moderators cannot see IP's, and beyond that, the bazaar has no moderators! Hard for "moderators to see ur ip!!!!!!" when they don't exist.

But because I'm a paranoid nutter and I respect the talent behind P99, I made everyone take their accusation seriously. Even though moderators don't have access to IP information, we immediately worried that our server was compromised, so we scoured our logs for any signs of IP access and found nothing. We double checked for server exploits, shells, rootkits, etc. and found nothing. I personally spent two days going over a 3GB mysql log BY HAND for any signs of anomolies. There has been no outside access.

Here's what we've discovered from reverse engineering: P99's dsetup.dll actively scans your PC. For exactly what, we can't say, but we have cracked a couple mysteries:

1) It includes some NSA-level intrusive scans on your PC.
2) P99 GM's have full access to every window title and URL you have open.

I've updated our safety thread in accordance with these discoveries. Please log off p99 before visiting Redguides, or use a different PC or your phone.

We barely cover costs from giving P99 players a home here, but you guys have done a great job building a community and we want to protect your hard work from these psychos. If there's anything we can do to make you safer from scammers, GM's and other scum, please let us know.

 

[Ronnex]

Someone on P99 described it as

The dsetup.dll actually has the mq2 core embedded in it, acting as a framework that allows the devs to easily remove non-classic elements from the game. It likely also keeps track of what other dll's attach to it, and other processes that open EQ's virtual memory space. It also keeps track of the name of your computer among other things to detect boxing. It is a proxy .dll, and obfuscated with a packer, which might falsely set off trojan alarms.

And no i don't play on or ever plan to play on P99, Emu of my choice is THF.

I get it that they are against "cheat" and boxing however that is a step to far for my taste for a emu server unless they make you aware and sign a Eula or something like that .

 

[Razkle]

WOW just fucking WOW! Well I guess no TLP and now no 99 for me, I quit WarZ over intrusive anti cheat practices that would effectively let a company into my pc for whatever they wanted they wanted to use Punkbuster, a company that had employees STEALING players real actual bank logins and selling them for bitcoins. Not in game bank but your actual real life bank login! The "Anti-Cheat" people were crooks, not cheaters, C R O O K S! For reals!

 

[PoonaniMeister]

man if this is true that is invasion of privacy - i don't know squat about software code etc - but if you can tell what is on my pc outside of the program i'm using to access your server that is essentially - i dont know what to call it

 

[Soncen1234]

I've had my browser open with a tab to this website several times while logged into P99 and that is very concerning. I wonder if P99 staff use this sort of data monitoring to link RMT activity with players in-game. I certainly wouldn't put it past them.

RedBot, if you're willing, would you please elaborate as to what the P99 staff has access to? I can only imagine what "NSA-level intrusive" means. An example of what data they're capable of monitoring beyond the open tabs would be great! I already know they use packet or memory flooding to detect MQ2 use, so why this level of intrusion? As a side note, I do believe it's legal what they're doing, because we willingly downloaded the file or something like that...

 

[Kanbluep99]

Great stuff. This should have a sticky and be up top with the Fitz scammer.

 

[thecollector]

I have known for a while that one of the benefits of their DLL was the fact they could grab all active screens open/titles(which easily leads to stuff like skype, aim, etc). However aside from that, Even if a person was browsing redguides legitimately or not(I check the site every so often to see who is selling off, not too hard to deduce some players considering certain gear in velious. However nothing ive seen in their eula or tos says you specifically cannot go to redguides website or if you do you will be banned. I ate my bans on P99 when I cashed out almost a year ago or something, I still have a string of lvl 20-40 chars but pretty bored of it atm. I am trying to recall where I read something about the whole skype thing, people were wondering how they knew their skype names and the answer was pretty clear it was from the DLL's ability to grab titles of all windows.

The downside of an old game like this, specifically a emu server is that there are very few players, and even fewer coders. Some of them make cheats/hacks ie or work with making a undetectable MQ(a lot of work from what I hear) If someone really had the brains and time to dedicate it they might be able to avoid the DLL entirely or trick it into viewing something else. For the last decade people have got around some of the best, multi million dollar anti cheat tech(VAC, Warden to name two) some by kids who arent even 18 yet, others who do it for profit. If there were more players I am sure someone would come in and make something and sell for profit. Though again that would mainly benefit people who wanted to run MQ etc. Personally I don't really find the need to run MQ or other, but it is fun every once and a while I just don't want to risk it even if its on a non-p99 server.

 

[420smoofin]

holy shit fuck those guys

 

[Grauh]

Man, that was an eye opening thread. Really liked being able to go back to the old school game and even appreciated some of the control they kept over the environment by limited 6 boxing, but yeah it seems they have gone too far. No wonder all the anti-virus software hates when the game launches and blows away some of there files.

 

[Hopeless]

I don't play on P99 and never will.
But do appreciated Redbot and team look into this to make users here are secured.

/bow

 

[Eqguy0286]

Thank you for this.

As if I didn't have enough reason already to sell all my P99 shit and delete those files forever.

 

[Derp1999]

2) P99 GM's have full access to every window title and URL you have open.

How is this even legal without fully disclosing such monitoring in the EULA? That kind of monitoring has to be in any EULA that someone agrees to where monitoring of what URLs, tabs, programs, etc. you have open. Otherwise, this could very well violate Federal privacy and wire fraud laws and State privacy laws that vary from state to state regarding the "reasonable expectation of privacy" and recording conversations without consent; e.g. if you are chatting on Skype, Yahoo Messenger, etc. with someone and the GMs record it in any way. If these guys are operating the game servers in the U.S. and people are playing outside of the U.S., and they are taking personal information (any website you have open on your computer where you have a reasonable expectation of privacy), then anyone involved with capturing the screenshots or even using them in any way, even for their "server's safety", be charged with felonious international wire fraud charges.

18 U.S.C. § 1343 provides:

Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.

Third party screenshotting without consent, even if you are playing on a "private server", is wire fraud according to Title 18 of United States Code unless it is expressed in their EULA that they are taking screenshots and collecting very specific data from your system. What is on your computer *is* your property and without appropriate screenshot disclosure in EULA, then they are defrauding the user of their property. I know this from personal experience when I found out that an ex-girlfriend put a keylogger/screenshot program on my computer before we broke up. I was living in Japan and she was living in the U.S. when I found out. The investigator asked if I wanted to press international wire fraud charges against her for doing exactly what P99 GMs are doing...if, indeed, they are screenshotting your screens and/or reviewing every URL you have open.

If someone has absolute proof that they are screenshotting URLs, open tabs, etc. on people's computers, someone needs to step up and let us know!

(For those of you wondering what happened to my ex...I let her off the hook as I didn't want her life ruined just for being an intrusive bitch.)

 

[runordie]

P99 is not a legal entity/organization that can be prosecuted. They don't require any sort of payment, they only accept donations to pay for server costs. Doing this puts them in a wonky grey area.

If any of the p99 staff is using this intrusive software to make personal financial gains then they are in trouble. If the intrusive software is only used to protect their emulated game then there is no legal action to be taken.

And also DayBreak would be the only entity that has enough power to do anything and they allow p99 to use their titanium client as long as they are not profiting from it. So unless daybreak breaks their agreement with p99 and wants to shut it down for copyright infringement (like blizzard is doing to the notalis private server) there really is.no legal action to take against p99 in my opinion.

This intrusive privacy infringement could only be added onto a copy right infringement started by DayBreak (unless personal financial gains are made and legal action can be pursued against that person)

I'm no lawyer by any means this is simy what I think of the situation

 

[Redbot]

Mea culpa. This was posted at a point when we were trying to figure out how P99 GMs were getting the IP of nearly every seller at Redguides, and we shared notes with a developer who was working on map software for P99. We had many theories, and I made this thread before being sure about any of them. I jumped the gun, my apologies.

I'm no longer convinced dsetup.dll is scanning your entire PC, or taking screenshots, or accessing browser windows. It turned out they were nabbing IPs through Skype.

That said, I wouldn't put it past them to disregard privacy in order to catch someone involved with MQ2/RMT (moreso than the stalking / doxing / hacking currently employed), therefore I don't recommend P99 to anyone. Play Ragefire, Lockjaw, p2002, PEQ, THF, basically any server where the staff has a tiny bit of respect for players.

 

[Kanbluep99]

Mea culpa. This was posted at a point when we were trying to figure out how P99 GMs were getting the IP of nearly every seller at Redguides, and we shared notes with a developer who was working on map software for P99. We had many theories, and I made this thread before being sure about any of them. I jumped the gun, my apologies.

I'm no longer convinced dsetup.dll is scanning your entire PC, or taking screenshots, or accessing browser windows. It turned out they were nabbing IPs through Skype.

That said, I wouldn't put it past them to disregard privacy in order to catch someone involved with MQ2/RMT (moreso than the stalking / doxing / hacking currently employed), therefore I don't recommend P99 to anyone. Play Ragefire, Lockjaw, p2002, PEQ, THF, basically any server where the staff has a tiny bit of respect for players.

They got to Redbot! just kidding. Thanks for the update Redbot. Was wondering if anymore information came out of the original thread.

 

[Oldskool]

Project 2002?

They got to Redbot! just kidding. Thanks for the update Redbot. Was wondering if anymore information came out of the original thread.

Does anyone know if Project 2002 is a good alternative to P99?
It seems to be a server as close to classic as P99.
And you can use a 3-box crew max.
Which is nice way to level up and quest , but you can't have an army of 6 Mages
And P2002 stops at POP...many agree POP was the last great expansion.
Just curious if anyone here knows much about those who run P2002 and how is the community on it?

 

[Sog]

Sold $2k worth of stuff there in chars and gear. P99 staff is terrible hypocrites. Never going back.