GeorgeGr

I also agree, that would be a very good start. People might still be able to do it, but there will be the fear of getting banned.

OK I couldn't resist, I had to reply before leaving for work. Why do you keep ignoring the most important flaw in your scheme? I urge you to go look at your own picture of your scheme and see the get user room function you have described. What does it say? It says that it returns a decrypted version of the user's room. So why you keep telling me that I can't upload an encrypted room with someone else's signature? Why do I care since I will never get an encrypted room anyways. I only get decrypted ones every time I join someone's room. So what makes this function of yours so special to protect from theft? Because you require a token? So what? The server will just know that I just joined a room like everyone else. How will you stop the fact that I could take that decrypted file, load it into the client (making it think that I'm currently designing this room and not uploaded it yet), then upload it to the theoretical web service, get it encrypted, and publish it using my own tokens and credentials to make it my own. EDIT: sorry, i add this here because i know what your reply would be lol: the load into the client won't happen from the actual vanilla client's interface. I'm talking about a theoretical plausible in-memory hack. The whole thing you are describing, sounds like I have to encrypt my room so it gets uploaded, but I already know someone who encrypts it for me giving him just my own timed token. It's that web service.. If you're about to reply again to this, at least make it more interesting, accept the flaw and give solutions on how to not be able to encrypt rooms without breaking the functionality to load previously saved rooms. What you need to solve this, is as AlexRyder has previously stated, that you need to maintain 2 completely different versions of room formats (incompatible with each other) and 2 completely different versions of scene loaders so that a different file is loaded in the world editor, and a different file reaches the clients. BUT even if this happens, it would be fairly easy to create a "translator" between the two formats after a while... I repeat: unless the game's code becomes unreadable to us - there will be no true protection of rooms (and other things). You know what I'm saying now?

I'm going to work now and won't reply anymore You already have mentioned decrypted version when I join a room and that there will be a web service (authenticating to it with my own credentials only - since those are the ones I have). I get the decrypted file, upload it to the web server, sign it with my credentials and get it encrypted and I have a room online. I don't see where OAuth2 would stop me from doing that. The problem is far deeper than you might think and won't be solved unless the code of the game becomes unreadable to us. Oh.. and to clear things out for you, I would only need credentials of other users, to upload a stolen room to someone else's account lol The whole topic here is for stealing a room and using it as your own. You only need your own credentials and noone else's. You know what I'm saying?

OK and what will stop me from using that web service to encrypt a decrypted file? Meaning to do manualy what the world editor would do. Do you expect them to keep diffs of every "commit" that you make to see if you are actually editing your own room or uploading a previously saved one? Or you maybe expect them to create a massive big data comparison system to check the % of each room being similar with other rooms? Imagine the cpu power that this would take for the scale of users that this game has. I assure you that every step that you will add in your solution, will have an answer on how to trick/exploit it. Unless of course the game's client becomes somehow unreadable to us and cannot see what the actual code does. Only when this happens you can start talking about securing the rooms and everything else. I'm sorry, but if you don't understand what I'm saying, don't ask me if I understand what you are saying lol Do you understand what I'm saying? https://www.youtube.com/watch?v=su-HUDo7XQ4

Do you actually understand what you are saying? 1) I join a room and i get the decrypted world file. 2) I open my World Editor and I cannot import my decrypted file because it only accepts encrypted ones salted with something that is only relevant to my own user. 3) But wait.. 3dxchat.exe has all the information I need to encrypt the decrypted file with the proper "legal" way using all my information. 4) --reverse engineer people getting to work-- -- accessing encrypt function-- 5) I upload an encrypted version of your room using 3dxchat's own encrypt functions. So how does this help? Corrent me if I'm wrong but I don't see how your solution would work. It needs far more steps to be added to this to actually get close to being "secure".

You guys need to understand something... Let's say that the client adds some imaginary super uncrackable quantum whatever encryption to the room files. The question is: Do you want random people to visit your room? This is the reason why you spent all those 100s of hours on it right? If your answer is yes, then at some point, any random person's game client will have to decrypt the room somehow so that it will be shown on the screen. (unless of course you want people to just look at a binary file and try to imagine how the room would look like if it was decrypted). Well, since the game's client runs on our personal computer, we have physical access to it and no matter what the encryption will be, we will still have the decryptor running on our computer. Ironic? well no it's not.. It's how the system works. It might be harder for someone to exploit, but eventually it will happen. Encryption would work just fine if you just wanted your room to be available to a select group of friends that have the key. But when you want it to be publicly available - then tough luck. Everyone will be able to decrypt it otherwise the word "public" loses its meaning. Imagine how every open-source developer feels like when his work is being used in thousands of projects and gets nothing for it. All that a developer of any kind wants when his work is "stolen" (a better word would be "re-used"), is to be mentioned. So just be a good sport and if you steal a room, at least have the decency to mention clearly whose creation this is. Just my thoughts on this issue. Have fun and don't let things like that ruin your day

I'll embarrass myself too To just let you know that I noticed, but I also noticed that he created a new account again (maybe got banned with that too? dunno)

@SBM don't you realize that you are completely out of topic since at least 15 pages ago? Also don't you realize that you flood this thread with 4-5 posts in a row instead of just writing a bigger and meaningful one? @EveryoneElse don't you realize that by replying to SBM he only replies back with even more out of topic things and this topic has no meaning anymore? If someone wants to get the facts straight, read about the topic, read a few people's opinions and make a decision, now has to read through 17 pages of crap. So, either create a group pm or a different thread and continue the crap over there, or stay in topic. You have started a topic petitioning to start banning 3dx users (which is serious and people want to read about it) and now it's full of nonesense and standard kindergarten behaviors. PS: If SBM or anyone else continues the nonesense after this post, you are simply embarassing yourself and this thread is a lost cause.

I'll play the role of the devil's advocate here Have you ever stopped to think if for example https://archive.org/is illegal or if https://www.google.com/ is illegal? They both make copies of everything they can find online (including pictures), organize their data, and have them online to be searched. Archive.org also keeps track of previous version of millions of websites. If something is password protected, or have any protection whatsoever, they can't get. I believe that everything that Pandora stores is publicly available for everyone. Nothing special. Anyone with a little bit of free time to spend and some basic programming knowlege can make a Pandora of his own. So, I believe that Pandora users should not be banned, but instead if this is considered to be a problem, the game developers should take measures to protect this information somehow to not be public anymore. You can't blame a user for trying something that found online for free. And finally, I believe i have read some posts here of how it has helped stop sexual predators, harassment in general and bullying (when those things were happening under alts). If this is true, why stop it at all?

I don't think that this incident is Pandora related, but it's still serious and deserves to have a temp-ban respond if it really happened and you have proof of it.

I still believe that this thing should be made in a stand-alone app because there have been cases where room editor won't open at all or has huge delays when the room is "crashed" completely..

just saying it one more time to emphasize on how important it is: BRING BACK THE F5

you both each take a like, and i stop replying since i said what i wanted to say and all the rest is just pointless

Chloe and Nikki, I am thankful that the DJs stream music. They are important to this community and I know that music brings people together. I don't blame the DJs for complaining. I would complain too if I was a DJ in the game. The download feature of the dll, of course can be viewed as a way of "encouraging" music piracy, but it's something that can't be avoided I'm afraid. Sorry, you can't do anything to stop it, you can only make it more difficult for people who download streams to be actually too bored to sort everything out and make the download not usable. I also gave the solution so why you attack me? I'm telling the facts and I gave the solution as well. Don't add words that I never said. Accept it and move on...

i have never stored music off the streams because i can easily just log in spotify and listen to whatever i want.. i don't care to save the game's streams. I am just telling you why this could be happening from a technical perspective. you like it or not, this is the truth.