Project 1999 - "Spyware" dll in P99's patch files.

Project 1999 (/forums/index.php)

- Starting Zone (/forums/forumdisplay.php?f=71)

- - "Spyware" dll in P99's patch files. (/forums/showthread.php?t=408890)

Quote:

Originally Posted by azxten (Post 3534935)

Anyway...

Personally I think they should have a statement about this functionality, require people to agree to it when creating an account, and this statement should explain how that personal information is being handled. I was curious so read a bit of GDPR to see how it would apply to P99 but as far as I can tell P99 isn't a business. It's an entity which under GDPR entities are only required to comply if they are based in the EU. One thing I found that is interesting was some laws have defined protected personal information as also being aggregate non-identifying personal information if collected on more than 1000 different entities. From a project perspective what is being done is in fact risky because there is a very remote chance that someone's computer is named "bobsmithat123stidaho" and let's say they have a peculiar taste in porn and a staff member has this data from window titles and puts it out there. That person begins to have standing to sue and with actual damages. The data could be obtained by a malicious actor for example it doesn't have to be the staff intentionally using it for bad reasons. In this case P99 would almost definitely be in big trouble. No one agreed to this, they didn't disclose it officially, in this instance it was enough information to identify an individual, and it caused damages. Totally remote never going to happen kind of thing but in reality these things happen sometimes.

Of course these concepts are alien to most people. The risk is on the staff and it's their decision. I see little downside though. It's funny people would actively resist the idea that someone collecting personal information without your consent probably should stop doing that. Rogean said, "If you think what we're doing is bad you should see the other anti-cheat systems" referring to things like EAC and so on. The problem with that is those run with user consent via an agreement obtained duration installation. No such agreement exists for P99 regarding their data collection or usage.

Why resist doing this? It seems immature to me but my mindset is very corporate and seeks to avoid unnecessary risks. My perception is there is concern that if this was disclosed it would threaten growth, weaken the protection, or it's "hard" to implement properly since P99 logins are tied into EQEmu. You can make an EQEmu account without agreeing to anything from P99. The license.txt file has a disclaimer about this but the problem is you don't have to agree to this to play on P99. It's like if you signed up for a Facebook account and after you were already logged in and using the product they E-mailed you a list of rules and described how they're harvesting your personal data. That won't hold up in court.

Oh also since staff has commented on this they're now "knowingly" doing what they're doing in spite of people bringing these issues to their attention. Not even trying to be a dick I'd fix this up if I was in charge and this is how it is. Of course they could be comparing window titles on the client side and only sending a detection flag. Your computer name could be a one way hash for purposes of detecting boxing. There are a lot of assumptions about what is actually collected but then this gets into privacy laws about "processing" personal information as well.

By the way, Azxten, GDPR does very much apply to private entities as well. The only exception is if it's "completely private", but "Project 1999" is very far from "completely private" catering to thousands, so yes, GDPR certainly applies.

Ever heard of user agreements? Everyone is accepting of this concept, no lawyer has done anything about it for like 20 years rofl.

Quote:

Originally Posted by MaddiusTheMad (Post 3536198)

Ever heard of user agreements? Everyone is accepting of this concept, no lawyer has done anything about it for like 20 years rofl.

Where did anyone "agree" to anything, please enlighten us.

guys where did i agree to cheat and get permabanned
(lol)

Quote:

Originally Posted by Chortles Snortles (Post 3536238)

guys where did i agree to cheat and get permabanned
(lol)

Didn't you read the ToS?

https://media.tenor.com/xaBwfY2otmkA...broflovski.gif

I have the utmost respect and gratitude for the folks keeping this game running.

There are some privacy concerns that keep me from playing until I buy a dedicated laptop as covid changed up my work. I'm sure i'm not alone in these concerns, as a lot of the playerbase is older and likely more employed than other games out there ;).

I do wish we had a better sense of what's at stake, privacy-wise. Not because I dont trust the staff, but because I know security breaches happen.

That all being said, it is what it is and I know i'll be playing again soon. Thanks again p99 people

Here are some old quotes on the DLL file.

Rogean (apparently - a commenter from a 2015 thread said this was a post from him): "As far as what it does.. I can tell you for a fact it does not collect information about processes unless they directly access Everquest memory space."

Deurbael (retired P99 GM - comment from 2014): "dsetup.dll doesn't modify any of your files, doesn't let us read your files, doesn't destroy your registry. It doesn't give us any kind of hands on access to your computer. It's there to detect cheats like Macroquest and ShowEQ so that we can have a truly hack free server. As a poster explained above, it is likely that someone submitted it to a (crappy, lazy) virus database and they filed it in the "well it does something but we can't be arsed to figure out what" section of their DB. So now it's going to flag on certain virus scanners."

Now - is this all true? Who knows. To some degree we'll just have to trust the staff unless someone with a lot of technical knowledge can break down the DLL and confirm what it has access to.