Everybody Edits leak sensitive information.

capasha · 2019-04-07 09:41:56

I have talked with Xenonetix and the databases doesn't contains updated IP-Addresses, but your old ones still exists.
So now everyone should know that. But below this text is what can be accessed.

Looking at other peoples friends is now patched, thanks to xenonetix and the dev team.

There is a way people with programming knowledge can access:
0] Which world you are inside and the name of the world (Doesn't need to be friend with you)
1] Which the last date you logged in to EE.
2] Your'e last used IP-Address since the last hacking attempt. (Not updated, but they are still there)

How PIOSRT works
PIOSRT found these databases public for everyone to use.
What is PIOSRT? Go to the link and I describe everything about this tool.

Grilyon2, Jesse, rat, Minimania, Kikikan, 2b55b5g, Snowester

Minimania · 2019-04-07 09:56:12

rat, Mait, Victoria, St1ckS4m(EE), 2b55b5g, PTU, Zumza

capasha · 2019-04-07 14:22:37

Like title. I said that the database x is open for everyone. And I posted it in a pastebin.
But he said he didn't care. I CARE XENONETIX.

A little chat from Xenonetix:

You don't accept that people need some privacy.

Jesse, rat, 2b55b5g, Snowester

mikelolsuperman · 2019-04-07 14:27:03

capasha wrote:

So here it come another thing, people shouldn't have access to these database objects.
Ip addresses is removed. Because I don't want other people to use it.
Friends doesn't show which account that have these friends. I want it that way.
A bit from the pastebin.
{
        smiley: 179,
        name: "xenonetix",
        lastUpdate: 2019-04-07 03:31:30,
        ipAddress: censored
        currentWorldName: "",
        currentWorldId: "",
        hasGoldBorder: False,
        stealth: False
}
My Awesome tool that never get released :
<snip - OP request>

The pastebin:
<snip - OP request>
That's from me. Good job at not storing ip addresses, clap clap.

The hacker leaked stuff that's in there. Are you the hacker?

Different55 · 2019-04-07 14:28:41

Merging with your other thread. Please do not make whole topics for each of your posts about the issue.

RailMat

Jesse · 2019-04-07 14:32:25

Xenonetix wrote:

But there's nothing we can do about that in EE without breaking Friends lists or disabling Friends altogether, such is the nature of crappy PIO

Stop blaming PlayerIO for literally everything. There is something you can do about it, and it's ridiculously easy to implement.
Besides that, if we're comparing this against Facebook; I'm pretty sure Facebook allows you to hide your friends list.

rat, capasha, Phinarose, Minimania, TaskManager, Kikikan, XxAtillaxX, Processor, NegaStrife, St1ckS4m(EE), Zumza, 2b55b5g, Snowester

capasha · 2019-04-07 14:39:44

mikelolsuperman wrote:

capasha wrote:
So here it come another thing, people shouldn't have access to these database objects.
Ip addresses is removed. Because I don't want other people to use it.
Friends doesn't show which account that have these friends. I want it that way.
A bit from the pastebin.
{
        smiley: 179,
        name: "xenonetix",
        lastUpdate: 2019-04-07 03:31:30,
        ipAddress: censored
        currentWorldName: "",
        currentWorldId: "",
        hasGoldBorder: False,
        stealth: False
}
My Awesome tool that never get released :

That's from me. Good job at not storing ip addresses, clap clap.
The hacker leaked stuff that's in there. Are you the hacker?

Look whos the owner of the pastebin.

Jesse wrote:

Xenonetix wrote:
But there's nothing we can do about that in EE without breaking Friends lists or disabling Friends altogether, such is the nature of crappy PIO
Stop blaming PlayerIO for literally everything. There is something you can do about it, and it's ridiculously easy to implement.
Besides that, if we're comparing this against Facebook; I'm pretty sure Facebook allows you to hide your friends list.

In Facebook you can disable people from looking at your profile and see all friends you have.
EE doesn't. This only makes me mad.

rat

peace · 2019-04-07 15:14:37

who cares if anyone sknows thier firends no an crappy sandbox platformer it snot liek i know ANYONE fo my ee firned sin real life

2b55b5g

capasha · 2019-04-07 15:28:43

peace wrote:

who cares if anyone sknows thier firends no an crappy sandbox platformer it snot liek i know ANYONE fo my ee firned sin real life

As the other hack that come out you didn't care either. I care about peoples privacy about the sensitivity information.
People want to know and need to know when their privacy is at a risk or sensitivite information is out.

Anyway. The database keep updating. People can still find in which world people are inside. Even without be he/her friend.
No privacy and just dont give a damn about it either.

rat

Joeyc · 2019-04-07 15:30:58

I don’t really see how keeping friends private or not is such a big deal

capasha · 2019-04-07 15:36:57

Joeyc wrote:

I don’t really see how keeping friends private or not is such a big deal

I don't want people to know which I'm friend with. I want that private for myself.
By knowing which friend i have, people could search on duckduckgo.
Maybe find this users nickname and can then later maybe know who it is.
Maybe my mom use that nickname? Who knows.

Minimania · 2019-04-07 15:45:50

It would be really unfortunate if someone who was stalking me found out who my friends were, and which ones were active enough to ask how to find me in other places.

mrjawapa · 2019-04-07 15:46:03

Security and privacy is great, but are we really **** about our friends list being public? And why are we blaming ML for this? Have friends lists not always been public?

This is turning into a witch hunt

mutantdevle

Minimania · 2019-04-07 15:47:25

mrjawapa wrote:

Have friends lists not always been public?

They never were (if we're talking about EE)

mrjawapa · 2019-04-07 15:51:37

Crybaby wrote:

They never were (if we're talking about EE)

Then when did it change?

Tomahawk · 2019-04-07 15:56:58

It's not so much that a player's friend list is super private information that must be kept secret at all costs, but rather that the player cannot choose to keep it secret if they want to.

It is personal data, and at the risk of being one of those guys that quotes legislation, in the UK personal data must be:

Data Protection Act 2018 wrote:

handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.

Maybe they can do something about it, maybe they can't. It's still an issue.

Capasha seems to like publicising security flaws with no consideration of whether those flaws are better kept private. In the real world one process is to inform the relevant company of the weakness, give them X months to fix the issue and THEN publicise it, if only to put pressure on them to fix it quickly. But nah, remember when OP semi-leaked Cercul1's password?

mrjawapa, rat, rgl32, mutantdevle

Minimania · 2019-04-07 16:07:41

mrjawapa wrote:

Then when did it change?

Okay, after a few minutes, I need to think more about this, because I might have misspoke.

There is no feature in Everybody Edits that shows other players your friend's list. Without third-party software, one's friend's list is private as long as the user doesn't share that information with others themselves.

I'm not too good at doing talking so forgive me

mrjawapa

Norwee · 2019-04-07 16:10:15

If you care so much about your private data you should join the opt out village.

Minimania

capasha · 2019-04-07 16:13:40

Tomahawk wrote:

It's not so much that a player's friend list is super private information that must be kept secret at all costs, but rather that the player cannot choose to keep it secret if they want to.
It is personal data, and at the risk of being one of those guys that quotes legislation, in the UK personal data must be:
Data Protection Act 2018 wrote:
handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
Maybe they can do something about it, maybe they can't. It's still an issue.
Capasha seems to like publicising security weaknesses with no consideration of whether those weaknesses are better kept private. In the real world one process is to inform the relevant company of the weakness, give them X months to fix the issue and THEN publicise it, if only to put pressure on them to fix it quickly. But nah, remember when OP semi-leaked Cercul1's password?

I semi-leaked Cercul1's password? When?
Anyway I removed the Image and pastebin because feels better like that.

Edit: Updated title and first post. Because I feel like I write it better so people understand instead of just leaking information.

mrjawapa wrote:

Security and privacy is great, but are we really **** about our friends list being public? And why are we blaming ML for this? Have friends lists not always been public?
This is turning into a witch hunt

I have used this tool little from and back. And friends list that everyone can read have never been that before.

NorwegianboyEE wrote:

If you care so much about your private data you should join the opt out village.
https://youtu.be/lMChO0qNbkY

Who even use Google?

peace · 2019-04-07 17:06:49

capasha wrote:

Who even use Google?

who not?

Kikikan · 2019-04-07 17:39:15

I'm waiting for EEU, so the staff won't be able to blame anyone (mainly PlayerIO) but themselves, and actually has to come up with solutions.

peace wrote:

who not?

People who care about their privacy.

mrjawapa · 2019-04-07 21:55:57

Tomahawk wrote:

It's not so much that a player's friend list is super private information that must be kept secret at all costs, but rather that the player cannot choose to keep it secret if they want to.

Why does it matter? What difference does it make if people know who your friends are?

Tomahawk wrote:

Capasha seems to like publicising security flaws with no consideration of whether those flaws are better kept private.

It cannot be stressed enough, just how retarded this is.

>muh privacy
>here's a step by step on how to access the information I don't want people to access

Freckleface

capasha · 2019-04-09 09:02:06

Getting peoples friends without be friend with them is now patched. Thanks to xenonetix and the team.

Minimania, mutantdevle

Zumza · 2019-04-09 09:55:26

Tomahawk wrote:

Capasha seems to like publicising security flaws with no consideration of whether those flaws are better kept private. In the real world one process is to inform the relevant company of the weakness, give them X months to fix the issue and THEN publicise it, if only to put pressure on them to fix it quickly.

When they refuse to fix it from the start, like how Xeno did in this case, then clearly after X months everything will be the same. I don't know whether capasha contacted Xenonetix before or after the first post of this topic. Xeno admitted they knew about this, anyhow, so it wasn't a new thing for them. Therefore the announcement of this issue is justifiable.

MWstudios · 2019-04-09 14:34:11

capasha wrote:

By knowing which friend i have, people could search on duckduckgo.

I dislike Duckduckgo because when I was installing something some time ago, I got a Duckduckgo toolbar along with it and I couldn't get rid of it
So nowadays I compare it to Ask or MyWay

Official Everybody Edits Forums

#1 2019-04-07 09:41:56, last edited by capasha (2019-04-09 09:00:57)

Everybody Edits leak sensitive information.

#2 2019-04-07 09:56:12

Re: Everybody Edits leak sensitive information.

#3 2019-04-07 14:22:37, last edited by capasha (2019-04-07 17:01:05)

Re: Everybody Edits leak sensitive information.

#4 2019-04-07 14:27:03, last edited by Tomahawk (2019-04-07 16:35:33)

Re: Everybody Edits leak sensitive information.

#5 2019-04-07 14:28:41

Re: Everybody Edits leak sensitive information.

#6 2019-04-07 14:32:25

Re: Everybody Edits leak sensitive information.

#7 2019-04-07 14:39:44, last edited by capasha (2019-04-07 16:14:19)

Re: Everybody Edits leak sensitive information.

#8 2019-04-07 15:14:37

Re: Everybody Edits leak sensitive information.

#9 2019-04-07 15:28:43, last edited by capasha (2019-04-07 15:32:54)

Re: Everybody Edits leak sensitive information.

#10 2019-04-07 15:30:58, last edited by Joeyc (2019-04-07 15:32:29)

Re: Everybody Edits leak sensitive information.

#11 2019-04-07 15:36:57

Re: Everybody Edits leak sensitive information.

#12 2019-04-07 15:45:50

Re: Everybody Edits leak sensitive information.

#13 2019-04-07 15:46:03

Re: Everybody Edits leak sensitive information.

#14 2019-04-07 15:47:25, last edited by Minimania (2019-04-07 15:47:49)

Re: Everybody Edits leak sensitive information.

#15 2019-04-07 15:51:37

Re: Everybody Edits leak sensitive information.

#16 2019-04-07 15:56:58

Re: Everybody Edits leak sensitive information.

#17 2019-04-07 16:07:41

Re: Everybody Edits leak sensitive information.

#18 2019-04-07 16:10:15

Re: Everybody Edits leak sensitive information.

#19 2019-04-07 16:13:40, last edited by capasha (2019-04-07 16:59:40)

Re: Everybody Edits leak sensitive information.

#20 2019-04-07 17:06:49

Re: Everybody Edits leak sensitive information.

#21 2019-04-07 17:39:15

Re: Everybody Edits leak sensitive information.

#22 2019-04-07 21:55:57

Re: Everybody Edits leak sensitive information.

#23 2019-04-09 09:02:06

Re: Everybody Edits leak sensitive information.

#24 2019-04-09 09:55:26

Re: Everybody Edits leak sensitive information.

#25 2019-04-09 14:34:11

Re: Everybody Edits leak sensitive information.

Board footer