• Global Banlist
[QUOTE=ph:lxyz;48637621]The fact that the data being entered onto the list would be signed cryptographically using the private key of the https certificate of the server on which the incident occurred. The client would be able to use the public key from the website to verify the signature of the data.[/QUOTE] What prevents the server owner from getting 1000 certificates, pretending to be 1000 servers? Anyone can generate any arbitrary amount of private/public key pairs. You mention a website that manages the public keys of servers. If that's the case, substitute "server owner" in the above question with "the maintainer of that site".
[QUOTE=FPtje;48637637]You mention a website that manages the public keys of servers.[/QUOTE] No. There is no requirement for any kind of central website with all the certificates on it. That's not how it works. It's quite simple: Each server that wants to participate would have a program/daemon running which is maintaining the blockchain and which has an API callable from gmod. When someone is warned, banned or kicked, the API is called (from the server itself) on the external program talking to the p2p network. The server then uses the private key of the domain certificate for the community that hosts the server to sign the event, which would contain:
- the type of infraction warn/ban/kick
- the UTC timestamp
- the url of the website of the community that did the banning
- the specified reason given by that moderator
- the steamid of the person that caused the infraction
- the steamid of the person that carried out the command on that player (although that's harder to secure)
The public key of a website is downloadable by anyone by visiting the https home page of the website: (the p2p program can look at the https homepage of the community website that the infraction was reported from to get the certificate and verify the infractions when looking up a steamid.)
Once the event has been created as a result of a kick / ban / warn on a server, it is "spent" into the blockchain by the server itself as a transaction, and it propagates out to other instances running on other servers and is "confirmed" just like a bitcoin blockchain event.
When an admin gets told that player has been breaking the rules on a server that is participating, the admin can run a checkup command which would first call the API of their local copy of the p2p program, finding infractions that are listed for that SteamID and returning the ones whose community-website https certificate successfully validates the signature of the entry, and then displaying that info to that admin / mod so that they can decide whether they want to take action. If they do take action, the kick or ban command will tell the P2P program via its API to log a new incident (as described above), signed with the private key of /that/ server. The blockchain would be truncated in length as it is shared so that only say 6 months or a year of events are retained. I'm not saying this is free from design flaws but it's not terrible, either.
Alright, so let me sum up the solution: To solve the core problems of a ban list, we must
- not call it a ban list, because it shouldn't be used to ban people
- ask server owners kindly not to actually use it as a ban list, but to get a "general idea" of someone when someone is behaving badly
- call the server owners who [I]do[/I] use it as a ban list immature and tell every potential client that they shouldn't want to join that server anyway
- implement a "simple" blockchain mechanism to prevent the author from maliciously putting people on it
- use this same blockchain mechanism to prevent one community from pretending to be more than one community
- hope that one community doesn't maliciously decrease the "reputation" (not ban status) of certain players
- expect server owners to check whether other communities maliciously put players on there.
There's already nothing left of the ban list concept and one of the biggest problems of it still hasn't been addressed: the guilty until proven innocent principle.
[QUOTE=FPtje;48637806]Alright, so let me sum up the solution: To solve the core problems of a ban list, we must
- not call it a ban list, because it shouldn't be used to ban people
- ask server owners kindly not to actually use it as a ban list, but to get a "general idea" of someone when someone is behaving badly
- call the server owners who [I]do[/I] use it as a ban list immature and tell every potential client that they shouldn't want to join that server anyway
- implement a "simple" blockchain mechanism to prevent the author from maliciously putting people on it
- use this same blockchain mechanism to prevent one community from pretending to be more than one community
- hope that one community doesn't maliciously decrease the "reputation" (not ban status) of certain players
- expect server owners to check whether other communities maliciously put players on there.
There's already nothing left of the ban list concept and one of the biggest problems of it still hasn't been addressed: the guilty until proven innocent principle.[/QUOTE] The admin / mod on each server decides whether the player is guilty on their own server based on their actions on their server. The list doesn't make that decision for them. It would help them decide how long to ban someone for. If they were kicked repeatedly once from only one server for a bunch of stupid looking reasons, they might decide that the player should just be kicked once this time. If another mod comes on later and the same player is there and they see that the player has also been kicked from this same server, they might choose a harsher punishment this time around. If you are falsely accused of something in court and the judge decides that you did it, you would still be punished. Now that's far from ideal, but then if positive reputation scores were held there too, a better picture of a player's character could be obtained from a wider set of sources.
The problem comes in verifying the steamid of the accuser / person leaving a good or bad rating. There is also the problem that people will leave more bad ratings than good ones (probably) since most people only bother to do anything when someone annoys them. Possible solution to that would be displaying the mean time between "Dumb" or "Disruptive" ratings given by all players... Anyway, the concept is simple but not complete - so more input is appreciated.
[QUOTE=ph:lxyz;48637870]The admin / mod on each server decides whether the player is guilty on their own server based on their actions on their server. The list doesn't make that decision for them.[/QUOTE] This is your ideal vision of an admin/mod. That vision is incredibly naive. Especially since it's incredibly easy to make it just auto ban people who have 10 or more "disruptive ratings". You're describing point two of the solution here, which is asking the server owners not to use it as a ban list.
[QUOTE=ph:lxyz;48637621]The fact that the data being entered onto the list would be signed cryptographically using the private key of the https certificate of the server on which the incident occurred.[/QUOTE] What's to stop me from generating a shitload of certs and using those? Are you going to require them to be signed by a CA? What if your mod gets popular and I start a blackhat business where I get a shitload of certs signed and then offer to rep fuck an arbitrary player?
[QUOTE=FPtje;48637994]This is your ideal vision of an admin/mod. That vision is incredibly naive. Especially since it's incredibly easy to make it just auto ban people who have 10 or more "disruptive ratings". You're describing point two of the solution here, which is asking the server owners not to use it as a ban list.[/QUOTE] If the following looks sarcastic, it is not intended to be: OK, I take your point on board. I can see how I was being idealistic. To deal with reality then: Do you think then maybe that if someone is known by valve or garry to be creating their own distributed banning mechanism, that those people that create that kind of thing (e.g. HeX) should be banned from playing the game themselves? [editline]8th September 2015[/editline] [QUOTE=sasherz;48639985]What's to stop me from generating a shitload of certs and using those? Are you going to require them to be signed by a CA? What if your mod gets popular and I start a blackhat business where I get a shitload of certs signed and then offer to rep fuck an arbitrary player?[/QUOTE] Nothing is stopping that. But when an admin sees that a player has been banned from a load of communities they've never heard of as well as a list of 30 others then they can decide for themselves whether those places actually exist. Maybe they only honor bans from a set location. It's all about the server admin needing to take the final step of actually banning someone. What's to stop someone from any server just gathering steam ids and banning them randomly anyway? What's to stop Valve from VAC-banning someone unfairly and refusing to remove it? What's to stop someone from entering the room and pushing someone off their chair and turning their PC off? The distributed list doesn't deal with people that abuse their power by preventing certain people from playing gmod on _every_ server - It just helps admins make a more informed choice about whether they choose to ban a certain individual.
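The signed-event design described earlier in the thread, together with the objection that anyone can create any number of key pairs and the suggestion to only honor bans from a set of known communities, as an added example that is not code from any poster. A Lamport one-time signature built from SHA-256 stands in for the certificate key pair so the example runs on the standard library alone (one key per report); the domain names, SteamID and function names are constructed for illustration.

```python
import hashlib, json, secrets

def _h(b):
    return hashlib.sha256(b).digest()

def _bits(msg):
    d = _h(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

# Lamport one-time signature: stdlib-only stand-in for the certificate key pair.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(_h(a), _h(b)) for a, b in sk]

def sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        _h(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(msg))))

def report(ledger, site_keys, url, steamid, kind, reason, ts):
    """A community signs one infraction event and publishes it."""
    sk, pk = keygen()
    site_keys[url] = pk  # models the key a verifier would fetch from https://<url>
    event = json.dumps({"type": kind, "utc": ts, "url": url, "reason": reason,
                        "steamid": steamid}, sort_keys=True).encode()
    ledger.append({"url": url, "event": event, "sig": sign(sk, event)})

def lookup(ledger, site_keys, steamid, trusted=None):
    """URLs of communities with a validly signed entry for steamid.
    With `trusted` set, only allowlisted communities are honoured."""
    hits = []
    for e in ledger:
        if json.loads(e["event"])["steamid"] != steamid:
            continue
        pk = site_keys.get(e["url"])
        if pk is None or not verify(pk, e["event"], e["sig"]):
            continue
        if trusted is None or e["url"] in trusted:
            hits.append(e["url"])
    return hits

def demo():
    ledger, keys, victim = [], {}, "STEAM_0:0:1111"  # constructed SteamID
    report(ledger, keys, "honest.example", victim, "kick", "mic spam", 1441670400)
    for i in range(30):  # one operator, 30 fresh key pairs and made-up names
        report(ledger, keys, f"fake{i}.example", victim, "ban", "cheating", 1441670400)
    # Tamper with one stored entry: its signature no longer validates.
    ledger[1]["event"] = ledger[1]["event"].replace(b"cheating", b"hacking!")
    return (len(lookup(ledger, keys, victim)),
            lookup(ledger, keys, victim, trusted={"honest.example"}))

if __name__ == "__main__":
    print(demo())
```

Signature checks catch the altered entry but still accept the other 29 fabricated communities, because a valid signature proves only that some key holder wrote the entry; the allowlist is what reduces the result to the one community the admin actually knows.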
If someone can't decide whether or not to issue a ban without consulting some compiled list of arbitrary internet points, they probably shouldn't be a server admin.
[QUOTE=ph:lxyz;48640298] But when an admin sees that a player has been banned from a load of communities they've never heard of as well as a list of 30 others then they can decide for themselves whether those places actually exist. Maybe they only honor bans from a set location.[/QUOTE] Your system puts a lot of faith in admins here. Not only does it expect them to not outright ban a low-rep player, but it expects them to go through each ban and somehow analyse for themselves if each ban is legitimate or not based on a community name. Speaking of, you just mentioned this component. What is to stop an attacker from spoofing the name of an existing community or a name similar to that of an existing community? [QUOTE=ph:lxyz;48640298]The distributed list doesn't deal with people that abuse their power by preventing certain people from playing gmod on _every_ server - It just helps admins make a more informed choice about whether they choose to ban a certain individual. [/QUOTE] If users can't be certain the data in your system's list is accurate, how can they possibly make accurate decisions with it?
[QUOTE=sasherz;48640458]Your system puts a lot of faith in admins here. Not only does it expect them to not outright ban a low-rep player, but it expects them to go through each ban and somehow analyse for themselves if each ban is legitimate or not based on a community name. Speaking of, you just mentioned this component. What is to stop an attacker from spoofing the name of an existing community or a name similar to that of an existing community?[/QUOTE] OK I give up. The design I proposed can't ever help anything. You're right. I wasn't going to implement it anyway - I was just trying to come up with "some" way of doing it. The fact is though, if any list of players exists, someone can block those players. Sure. In fact, I should have stopped arguing earlier really - rather than looking for some kind of reason that it might somehow be useful for anything and persisting. What can be done about global banlists in general then? Maybe facepunch could rule against people creating distributed banlists? Even that won't stop it from happening. There will always be servers though that don't subscribe to such a list anyway. Sure it's not ideal that such a list exists but we can't do anything about it. I'm not sure falco should put code in DarkRP to stop it but maybe robotboy could put code in gmod to do so if necessary, assuming that creating such lists is determined to be against the rules. But it will be a never-ending battle. At least a distributed system is not worse than a global list controlled by a single user - which is what people would default to using in the absence of such a system.
[QUOTE=ph:lxyz;48640494] The design I proposed can't ever help anything. You're right. I wasn't going to implement it anyway - I was just trying to come up with "some" way of doing it. The fact is though, if any list of players exists, someone can block those players. Sure.[/QUOTE] I think the idea by itself is a good one, but I don't think the solution you propose will resist malicious parties' efforts to mess with it. If a more robust solution exists, I think that the idea of having a rep system would be a good one. [QUOTE=ph:lxyz;48640494]In fact, I should have stopped arguing earlier really - rather than looking for some kind of reason that it might somehow be useful for anything and persisting.[/QUOTE] How else could you determine if your idea would be effective or not? [QUOTE=ph:lxyz;48640494]OK I give up.[/QUOTE] I'm sorry if I discouraged you, I don't mean to come off as someone trying to stomp your ideas. I come from a security background, and this kind of skepticism is used a lot in that field.
[QUOTE=sasherz;48640578]I think the idea by itself is a good one, but I don't think the solution you propose will resist malicious parties' efforts to mess with it. If a more robust solution exists, I think that the idea of having a rep system would be a good one. [/QUOTE] The more effort I see being put in fixing the flaws of the concept, the more my belief that the flaws define the concept itself is confirmed.
[QUOTE=sasherz] [QUOTE=ph:lxyz] The design I proposed can't ever help anything. You're right. I wasn't going to implement it anyway - I was just trying to come up with "some" way of doing it. The fact is though, if any list of players exists, someone can block those players. Sure. [/QUOTE] I think the idea by itself is a good one, but I don't think the solution you propose will resist malicious parties' efforts to mess with it. If a more robust solution exists, I think that the idea of having a rep system would be a good one. [/QUOTE] Well thanks - but I came to the conclusion, not just from your post but also from others that it probably won't be a good thing overall - although it might be "less worse" than what HeX has created, it has other issues, the main one being that many servers will just use the whole thing as an instant-ban list. Hopefully though, it would have been [i]less[/i] abusable and at least been seen as less prone to abuse by people looking for some kind of ban list for their own server and wanting to keep an aspect of control. [QUOTE=sasherz] [QUOTE=ph:lxyz] In fact, I should have stopped arguing earlier really - rather than looking for some kind of reason that it might somehow be useful for anything and persisting. [/QUOTE] How else could you determine if your idea would be effective or not? [/QUOTE] Well, I think it comes down to the fact that ideally, none of us want a global banlist really - and I'm not sure that it would be impossible-enough to prevent abuse, even with this, such that there would be much of an improvement over the current situation anyway... I think some people might be overestimating the determination of someone to get someone else on the ban list - most people just want to avoid being on one themselves, I presume. [QUOTE=sasherz] [QUOTE=ph:lxyz] OK I give up. [/QUOTE] I'm sorry if I discouraged you, I don't mean to come off as someone trying to stomp your ideas.
I come from a security background, and this kind of skepticism is used a lot in that field. [/QUOTE] [/QUOTE] Sure - but at least the idea is out there - it was the combination of opinion that collectively convinced me to give up. I didn't have any concrete plans to make it anyway since I'm knee-deep in SeriousRP gamemode at the moment - so if someone thinks it could form the basis of some kind of discussion then great - but I'm less optimistic than I was when it first occurred to me. [editline]8th September 2015[/editline] [QUOTE=FPtje;48640803]The more effort I see being put in fixing the flaws of the concept, the more my belief that the flaws define the concept itself is confirmed.[/QUOTE] I've already conceded. However, I still believe that having a distributed advisory-list would have been better than HeX's solution - and given that a banlist is GOING to exist eventually anyway (if they don't use HeX's they'll use someone else's) - then at least one that is [b]partially[/b] trustworthy would have been a better competitor and hopefully coax some of the servers away from an individually-controlled one.
Any ban list shall be fiercely attacked. I've seen three of them come by the past couple of months. The first got abandoned by the creator after fierce criticism, the second is HeX' and the third was a workshop addon that RB banned. Either way you put up a good fight. I respect the effort you put in trying to solve the flaws. Nevertheless I remain very pessimistic about the existence of any non-abusable means of sharing bans.
Meh. I don't think there should be a reputation/ban list, but if there's gonna be, then you have to 'request a ban'/bad status on a player with proof (vid or SS). With only FP mods/trusted people to check. However, people are gonna abuse it anyway.
I don't know how, but there is a server called c00l roleplay, and if you join and you are on the HeX list it says that you have been VAC banned, which is strange. Try joining 31.186.250.154:27015 if you are on the list.
[QUOTE=serverwatch;48685859]I don't know how, but there is a server called c00l roleplay, and if you join and you are on the HeX list it says that you have been VAC banned, which is strange. Try joining 31.186.250.154:27015 if you are on the list.[/QUOTE] If it tells you that you just got banned, then it's a fake message. It just kicks you with a language-tag "#vac_<can't remember>" that gets translated to the vac message.