Jump to content
3DXChat Community
Sign in to follow this  
xliax

Serious question: how secure is this game?

Recommended Posts

Hey

Serious question based on a recent experience in-game - please don't dismiss this out of hand, especially if you have no technical knowledge. The question is, could this actually be possible, however unlikely it seems?

So a player approached me the other day and immediately called me a liar. I asked why. He said that my IP address was basically not the place I advertise in my profile and that he could see 'past the avis to see users' IPs'. I told him this was bullshit and he couldn't do anything of the sort. He was adamant he could. I reported him for harrassment and put him on ignore.

So, on the face of it this seems to be unlikely, probably just an arsehole trying to frighten me. Even though the IP is only a general geographical area, it's still a bit unnerving.

BUT - is there any way, however unlikely, this could be legit? Could someone be able to hack the user database and obtain this kind of info? Is it potentially possible because, if so, there's answers needed.

Share this post


Link to post
Share on other sites
Posted (edited)

I don't think so. All players are connected to the server, not each other so they don't need to know each other's addresses. I've looked through some data sent/received by the game and I didn't find any user IP addresses being transmitted. I've only found nicks, messages and information about movement and poses.

It seems like only the devs have access to the IPs of the users. The hacker would have to somehow get administrator's access to the main server, which is very unlikely IMO

I wouldn't worry about it, but if you want to be 100% sure you can connect through a VPN (like ExpressVPN, don't use the free ones though), which will hide your own IP address from the server.

Edited by wredzab

Share this post


Link to post
Share on other sites

I'm with wredzab on this one. That person is a big troll, trying to get under your skin.

There is no direct communication between users. Only user -> gameserver and gameserver -> user.

Just make sure you don't browse to URL's given out by users, because that way they will be able to capture your IP address.

Share this post


Link to post
Share on other sites
Posted (edited)

Used to be possible. If you were streaming your own music, You could see your listeners IP address in certain online streaming consoles. So lets say I invited you to my room. I have my own music streaming with a 3rd party program on a personal server. It is just me and you in the room. I know my IP. The streaming service I am using is telling me I have another listener who joined my stream. And it shows the IP address of the listener and mine. So then do a IP address lookup and you got your whereabouts. Then I can know if you are fibbing or not. 

Not sure if they changed anything but that was the old way.  This was years ago though. Maybe they made it more secure with when they updated the game to 64 bit? No idea? My guess would be from personal experience over the years, 3dxchat is about as secure as a old persons dentures. You shake em real good and no matter how well glued in they are, Those teeth eventually wobble out and fall to the floor. Where there is a will there is a way. There is some very pc savy users who play in this realm. Some are very crazy and extremely bored.  So you gotta be careful. There are a ton of ways to get peoples info. From reverse lookup of pictures to links to all kinds of stuff. If even one of your pictures is linked to a social media account or even a imgur account. Then your ip can be found with some fiddling as well as sensitive info. So don't use your own pics. Don't give any info to personal to strangers and only share what you are comfortable with. If you have a job that you could get fired for playing a game like this, Then don't share anything at all with anyone that could put your career in jeopardy. It  is best to be safe rather then sorry.

Your best bet is to just write  " Your booty or Fantasia or LaLaLand or Paradise" if you don't want no freaks to harass you about your location. My location changes all the time. Sometimes its my real location. Other times it just random gibberish or a flat out lie. 

Be careful out there. Stay safe. There is lots of good people in 3dxchat but it has a few notorious shit disturbers who are bored with what the game has to offer and just like to cause drama. Some of these people know every trick, exploit and loophole you can think of and more. 

Edited by Nymphpott
Spelling

Share this post


Link to post
Share on other sites
9 hours ago, xliax said:

Hey

Serious question based on a recent experience in-game - please don't dismiss this out of hand, especially if you have no technical knowledge. The question is, could this actually be possible, however unlikely it seems?

So a player approached me the other day and immediately called me a liar. I asked why. He said that my IP address was basically not the place I advertise in my profile and that he could see 'past the avis to see users' IPs'. I told him this was bullshit and he couldn't do anything of the sort. He was adamant he could. I reported him for harrassment and put him on ignore.

So, on the face of it this seems to be unlikely, probably just an arsehole trying to frighten me. Even though the IP is only a general geographical area, it's still a bit unnerving.

BUT - is there any way, however unlikely, this could be legit? Could someone be able to hack the user database and obtain this kind of info? Is it potentially possible because, if so, there's answers needed.

DJ`s can see your IP and looks like this guy got this information from one of them while you entered some room. It`s not that easy, but as I know any Dj can see IP from everyone who visit their streams. Not exactly in the game, but at their stream services. Correct me if I am wrong, but when i had a stream I was able to see everyone and their IPs on a map.

There is a tiny group of silly people who don`t care about your privacy, but care about what you are, what you do and how you do. They picture themselves as moralists being stalkers and assholes. They shouting that they hate cheaters being cheaters themselves and so on. 

So use VPN.

Share this post


Link to post
Share on other sites

Maybe a bit of a naive question but what kind of practical security risk could a 3dxchat player be exposed to if someone knew their ip?  I mean what could someone do by knowing your ip address (other than just cause worry to others)?

 

Share this post


Link to post
Share on other sites

IP addresses flow through the data stream like nobody's business. You look at a pic a log is created with every IP that viewed that pic.  Someone posts a pic that doesn't exist , an error log is created for every iP that saw nothing. So if this guy is just reading the data stream or has a program listing IPs then he can connect you to your IP. So the dangers of this are he could DDOS attack you. Most can defend this by resetting your router and receiving a new IP address number. Most people have this type of set up. Another danger is he can narrow your residency down to a region smaller than your State. So some really crazy nut could try and find you but that's a long shot maybe with addition info.

Conclusion IP addresses are a dime a dozon and really only meet the classification of personal info if they are attached to your username. If all your router lights are on but you cant seem to connect to the internet it might be a DDOS attack. Just unpug your modem or router and plug t back in for a new assigned IP address number.

Share this post


Link to post
Share on other sites

In virtual worlds where DJ's play at clubs and clubs compete for most popular DDOSing the DJ is common.  More experienced DJ's have they protections in place.

Share this post


Link to post
Share on other sites

Sorry for the consecutive posts and this is going to be a bit off topic, but with the recent DDOS attacks and the securing of pic files in layouts there is a server configuration script call redirect based on user agent. This means pic URLs used in layouts would only work in 3DXChat not in a browser eliminating theft but this also may have been able to have been used in the recent DDOS attacks. The hacker would be trying to connect from his brute force app and would be denied or redirected not having the proper client. This is also used for web pages that are phone friendly. The server redirects to the phone friendly web pages base on user agent that is a phone. Just tech stuff for Gizmo to be aware of. I have actually done it myself for pic hosting.

Share this post


Link to post
Share on other sites

That's a good point. If these criteria are met, someone *is* able to get your IP address:

  • You have the enabled the radio turned in the Sound settings (volume turned down is not enough, it's really about that checkbox)

image.png.d58a00212fda2a98787cd76cc23e0755.png

  • You are NOT in a default room (Sin Club, Fresco club, etc)
  • You are in a room with a private stream
  • The room owner who is running the stream has access to the back-end, for example the shoutcast or icecast software (you can never be sure about this)

It's difficult if you have 50 people in your room, and eg. 20 with enabled radio, to find out which user has which IP address. Because that link isn't there. Except when you're the only one who joined obviously.

37 minutes ago, Derai said:

IP address only shows your rough geographic location doesn’t it?

The only information that is publicly available, is which Internet Service Provider owns which IP address. If I look up my IP address, it looks like it's based in Amsterdam. Although that is where my ISP is located. I'm not even near Amsterdam, like, at all.

Share this post


Link to post
Share on other sites
6 minutes ago, ColinDude said:

The only information that is publicly available, is which Internet Service Provider owns which IP address. If I look up my IP address, it looks like it's based in Amsterdam. Although that is where my ISP is located. I'm not even near Amsterdam, like, at all.

Isn’t that the same principle about some of those ‘targeted’ ads online?

“Hot singles in (city near you)”

That works via the IP address too. Yes?

Share this post


Link to post
Share on other sites
Just now, Derai said:

Isn’t that the same principle about some of those ‘targeted’ ads online?

“Hot singles in (city near you)”

That works via the IP address too. Yes?

That could be the case, however I suspect that those ads use other data sources for that. Check this page for more in-depth info: https://askleo.com/how_do_those_ads_know_where_i_live/

Share this post


Link to post
Share on other sites
12 minutes ago, Leopardus said:

Is there a way of knowing this?

I'm not 100 % sure (maybe someone else can verify this?) but I think if you find the "iPad on a stand" prop, and click it, it tells you "private stream".

Share this post


Link to post
Share on other sites
1 hour ago, Derai said:

IP address only shows your rough geographic location doesn’t it?

Yes. In most cases, the hub you're connected to.

Shoutcast server shows my IP location in a town some 250km from where I live.

Share this post


Link to post
Share on other sites

Thanks for all the replies so far, it shows that there are some really decent people in 3dx (which I already knew, I'm not exactly a brand new player or anything).

Yes I had entered a room when I was immediately pinged by this guy, but I don't recall whether there was music playing or stuff bc I had my laptop on mute.

Re. what Leopardus said about it basically not mattering because the IP is only a rough geographical indicator of a location... Yes I get this, as I mentioned that in my original post, but that really isn't the point. If the IP can be identified then it's a privacy breach IMHO and, while Mr Stalker and Mr Crazy-Man-With-A-Knife aren't likely to turn up at my apartment any time soon, that isn't the point.

And actually, for some who are hell bent on finding out who players are in real life, the IP could offer a significant piece of information. A real forename, a job title, a rough geographical location... it wouldn't take Sherlock Holmes to put the info together, not with the open access to data that's readily available through legit sites on the internet.

Share this post


Link to post
Share on other sites

just keep ur radio turned off in rooms and even in general locations cause there also some player djs

and if u want to be extra safe use a vpn 

and if you want to cheat on ur man or ur game wife u can also do that cause its a game and you dont have to give report to anyone :) 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...