This is to do with Steam profiles and nothing to do with Rust. And it's also largely nonsense.

bucksexington,

I reported the incident in the RUST session I was playing using F7. THIS OCCURRED IN RUST WHICH MAKES IT RELEVANT. I wrote a properly labelled rant in the forums here. Rust uses Steam. Steam Profiles are integrated in to Rust. See the connection? I hope so. I can’t make this any more clear. Doxxing is real. It happens. Google ‘swatting’ or ‘doxxing’. In general: someone does something dipshit and pisses of someone… other person looks at other persons profile using the playerlist integrated into Rust. I’m not going to hold your hand to figure out how people abuse/harass others through YOUR game and on the platform YOUR game uses. This might help though: http://bfy.tw/5fq

I’m sorry that you feel that the issue is not legitimate. I even labeled it properly as a rant. I gave the example of Blizzard learning the hard way. You closed my thread and called it nonsense.

My only other post was one in trying to help others play YOUR game due to the bugs in YOUR product. I play for enjoyment and fun (some raiding) :slight_smile: – but if this is how you treat your players with a legitimate issue with how the platform YOU use is exploited and abused to harass your player base… Then I’m done here.

Blizzard said Real ID would be back. Value doesn’t give a shit: family/privacy mode is a joke. Apparently Facepunch… ? Bans for the issue being nonsense. Okay.

For any of the other players out there: This is the typical response that Devs, Value, Blizzard and most video game companies now have in regard to user privacy.

Ban if you like but I will require a FULL purchase price refund for both GarrysMod, RUST and any other Facepunch games I own as: I was not doing anything other than reporting an issue with a properly labelled rant flair and tagged in the post while you are denying me access (banning) to a product I paid for reasons other than cheating or violations of the EULA.

Have a good one.


‘its only a game brah.’

This however is a more constructed post.
Your previous post seemed like a deranged child looking for attention,thus the closing of that thread.
Amazing what happens when you spend the time to actually address a situation vs taking it on as a lunatic

Heh… been playing too much Rust… Have you tried it? :stuck_out_tongue:

Maybe I misunderstood the ‘rant’ flair and tags. Hence, the TLDR at the top of the post and the <rant> </rant> with rant flair throughout… But point well taken. I’d clean it up more but… meh. Locked :stuck_out_tongue:

The community features of Steam and Steam’s thorough integration with multiplayer servers using Steamworks is intentional. Players are encouraged by Steam to make friends by finding other players’ profiles from within games. There used to be a feature that would show you a short list of players you recently were in a server with, on any game that integrated Steamworks for its server lists.

You are not meant to put your street address on your steam profile, nor your real life photo, unless you are comfortable with it being public. If you are not comfortable with it being public, Steam provides a feature to make your profile private so that nobody but you can see what is there.

It is not Facepunch’s problem that you are losing your mind by not understanding what these profiles are meant to be used for. It isn’t the same thing as facebook.

You are also not entitled to a refund for those reasons. What do you mean you were banned from the game? You didn’t explain that.

This seems to be the main issue here, what product have you been banned from ?

Your thread was locked because you are shouting about something without really explaining what the issue is very clearly, and it didn’t seem like you’d get there to be honest. And as far as I could figure out, what you wrote was a problem with Steam rather than Rust.

Now you apparently have, I’m still not getting it. We have a game on Steam, a platform that has lots of social features that we have no control over. There’s something about the F7 menu and you being banned, and there’s stuff about doxxing and SWATTING, and you not going to hold our hands which means you’re not explaining the issue at all, so this still comes across as you shouting at the wrong people.

And if I could understand the issue, and believed this was a problem on our end, I’d care and try to help, despite your allegations otherwise. But this really doesn’t seem like it.

If you set your profile to private, there are several glaring security holes with being able to view the players profile as well as being able to any other publicly group or community-connected folks to find the real information of players. I CANNOT go into any more detail without crossing a gray area that I will not cross. Valve refuses to do anything about it, your software is being exploited due to the integration. DOES THAT MAKE IT CLEAR?

Let me make this abundantly clear: I’m asking for it to be addressed and: Valve doesn’t give a shit, and Facepunch doesn’t give a shit. Okay. No problem. At this point as a customer, I’m happy to walk away and purchase products from companies who DO care about user privacy and are not calling security holes: features.

Calling it non-sense and not an issue is a problem. Calling into question my mental health is a problem. The issue of doxxing will continue to happen as long as companies like Valve, and Facepunch IGNORE folks like me that point these things out. Let me be clear: I am using privacy mode. I am using family mode. And yet… the problem still exists thanks to the “through integration.”

And once it is enabled it is FOREVER exploitable. So let me be clear again: it doesn’t work. I’m sorry you can’t understand or refuse to understand it. I reported an incident in which, players were using friends of friends on even private profiles to find information leading to facebook, linked-in, and or other social media. Google it. I cannot describe in more detail without putting myself in a legal gray area for describing something that could be used to harm people in REAL life. DOES THAT MAKE IT CLEAR?

Thanks for the helpful advice. I’ll worry about my mental health and you can keep your personal attacks to yourself. The issue for those who are unable to understand it: Players ARE abusing the information genned from the PROFILES “intentional” … "thorough integration " It is Facepunches problem that the information gleaned from the profiles regardless of privacy mode can be used to harass/doxx players in real life. That is a problem.

Let me spell it out to you in more ‘legal’ terms: the user was agitated by an incident in a virtual ( ‘RUST’ ) and using the “thoroughly” integrated social integration features was able to locate the victim. Both the companies were warned about it and willfully ignored the issue. Clear?

I am not currently. However, it appeared that your admin was threatning to deny me services I paid for through steam. If your company denied my steam account legitimate access to a application (rust/gmod etc) on my steam library for non-eula/cheating violations – that would be a very good reason for a customer to demand a full refund as well as Facepunch studios receiving a BBB complaint. Is that more clear?

However, perhaps your forum administrator, was thinking of using the ban hammer here on facepunch.com.

Who has threatened you with a ban? bucksexington locked your thread, said the issue was with Valve’s social features, and said the rant was mostly nonsense (because you didn’t formulate your thoughts properly), and I don’t see anything more than that?

Forum bans don’t translate into bans on Steam, at least not that I’ve ever seen (disclaimer: I’m not a mod, but I’m confident in saying it doesn’t work that way).

And, am I understanding your issue correctly that people who put things on their Steam profiles can then be identified offsite by them, even if they set their profile to private later? It’s their fault for putting it there to begin with, but if there’s an exploit in Steam’s profile security system I can see the concern. That’s a Steam issue and the fact that Rust utilizes Steamworks does not make it something the Rust devs can do anything about. Like, literally, what are the Rust devs supposed to do to fix a Steam profile issue other than bitch at Valve for you?

Making your profile private means only friends can view it, if you’re friends with someone that would give information off your private profile, you need better friends. Because you can’t fix social engineering as long as there’s stupid people in the world.

You can’t fix stupid. True.

If you have an issue with linking social media accounts then don’t … nobody is forcing you.

It appears you may have a problem with a community admin having your private information? I’m struggling to understand what you are trying to say as you are saying we don’t understand then not giving us any more information, you are risking a ban from the forums due to opening a locked thread which is a bannable offence but I’m trying to give you the benefit of the doubt here because you are struggling to get your point across in a way that makes sense.

It was… a rant. Honestly, after posting felt better… I thought that was the point of a rant. Maybe someone who can actually do something about these problems will see it and address it. I’d edit and fix if it was unlocked or if mods just want to delete that post I’d be okay with that too. But I’m pretty much done with this… once you see how easily it exploited I don’t want to play any multiplayer games any more because user privacy is not a consideration any more.

You… actually wouldn’t.

Dunno. Was implied. Really dunno.

Yep. Rust uses the Steam. Saw the issue being exploited IN Rust. They are connected due to the ‘integration.’ Valve doesn’t give a shit. Try to talk to support. Good times. Even if you manage to get through, as a customer Steam blames Facepunch, Facepunch blames steam. It is somewhat apparent that Facepunch is unable or unwilling to address it either. **<< ninja edit Facepunch cares. :slight_smile:

I’d fix my rant if its unlocked or if an admin wants to just delete it – I get it it looks really stupid and childish. Would be obliged if it went the way of the dodo.

[editline]27th April 2016[/editline]

The forum here is separate from the Steam Community Profiles. No issue with the facepunch.com forum. The Steam Community Profiles are by design, exploitable in such a way that even for users like myself that ARE in privacy or in family mode can find their personal information posted within Rust. Rust uses Steam, Steam uses Steam Community Profiles. Valve doesn’t care. At least someone at Facepunch does :). Thats… actually encouraging. :slight_smile:

I don’t use social media – I have friends that do. And through them, through the way steam integrates the profiles, users are able to glean enough information to make real life threats FOR PEOPLE, like myself, that run in private or family mode. I don’t want my nephews dealing with these ‘srs’ rust players that get all crazy. It is a problem. Valve doesn’t care to fix it… so… I was just <ranting>.

The easiest way to fix it would be to (keep f7 report!) but to have the Rust game and the Steam Profiles RESPECT privacy and family mode so that they DO NOT display anything eg – no profile no anything while in privacy/family mode. I understand you cannot do anything much about Valves side.

I understand. I had no other way to respond than to re-post though. :frowning: I’d be obliged if the rant was just deleted… My apologies to the community for… ranting. I was … really disturbed by how EASILY it was accomplished and that Valve didn’t give a shit… but at least Facepunch listens. My apologies for ranting… if you could delete my rant I’d be obliged. If your personal information was posted you’d be … probably as upset as I was. :frowning: I didn’t say anything in-game or in chat… I don’t know if they knew they hit it or not but… fuck. Wasn’t fun to game that day.

I still don’t really understand the issue.
Did you link your Facebook account to Steam or did you post something that could easily be traced to only your Facebook account?

Perhaps it would help to describe the issue in a PM to one of the Rust devs, since you seem to be reluctant to detail the exploit in public for fear of a ban or cops or something. I’m not going to volunteer Holmzy or buck (in other words wait for an invitation to PM, not just because I said so), but that might at least cut through the bullshit and not waste any more of their time with dancing circles around the issue.

I’m pretty confident that if Rust is somehow displaying more information about profiles than Steam’s security settings allow, the devs will look after that. If the issue is that Rust reveals family share links if you know how to get the info, that info has to be accessible to at least server admins in order to help close the family share loophole for cheating. If you put something on your Steam profile and you don’t want it to be shown, it shouldn’t be on your profile. I could give you my Steam profile and I’m 99% certain you wouldn’t be able to even get my first name, but I’ve also seen minors with their full name and location and photo avatar on their profile and sure enough Facebook turns up a profile for the same person at the same place with tons of other shit set publicly. And if that’s the issue the issue is the user, not Rust nor Steam.

If you would have asked me to clarify rather than locking it and calling it non-sense… I would have fixed it up and tried to communicate the problem more clearly. I was upset. If your personal information was just splurged all over the screen (in rust) you’d be upset too.

Wow I communicated that badly eh? Okay–

  • F7 Report feature is fantastic keep it. :slight_smile:

  • me being banned: I wasn’t sure if I was going to be insta-banned in steam rust and forum for reopening topic… rules is rules.

  • ‘doxxing’ collecting information to harass/intimidate someone in real life… ‘swatting’ is false reports to law enforcement. <<-- ninjaedit: defining terms… see below.

  • not holding your hand: it seemed like you were saying that doxxing didn’t exist and that it was not possible – so… linked a ‘let me google that for you’ to ‘doxxing’ it does happen. :frowning:

  • shouting at the wrong people: man… I need a sign or something to wave around. :slight_smile: My apologies FP/community.

I believe you. I do. It just seemed implied that the issue was ‘just non-sense and not possible’ and then you straight out locked the thread. I think this is more a Value issue than a Facepunch issue. Incident was in Rust… so that’s why was here. Valve isn’t going to fix it… its by design and… well either just go 100% offline and just play singleplayer Rust (woohoo…) or just move on to another platform I guess. Dunno.

Someone hold my beer? I need to make a fool of myself more. :slight_smile:

[editline]27th April 2016[/editline]

TLDR: The underlying issue is that Steams API / Steam Community profiles don’t respect the privacy mode & or family mode (and by extension neither does Rust – regardless of FP’s ability or wanting to).

Player profiles SHOULD be visible to server ops and the reporting system. I understand that. However – the type or style of profile should NOT be apparent for normal users or through friends of friends. They should be EASILY and readily REPORTABLE… but not pullable.

I don’t want to share,… specifics… because other people could easily take advantage of this and – If indeed it is a Valve side-issue “by design” the problem could be around for (Valve) time and exploitable in all Valve Platform Games. And… well I don’t wanna deal with people blaming me for being the one reporting it… etc.

If a user is in privacy / family mode (even with chat disabled or enabled) the profile itself is still ‘pull-able’ via friends profiles of friend. My profile is in privacy mode with family mode enabled. Using a few… “fancy” … web pulls … it is possible to pull the full steam community profiles via friends of friends. My profile is blank. In my case, there was enough from other folks posting on my profile (which I have less/no control over) that my personal info found and posted within the Rust game. A bit upsetting. :(.

I ended up just setting everything to 100% private, deleting all posts from others making it so they cant post etc, disconnecting my youtube channel all that. But… thats drastic. Due to the design flaw… and how easily it can be circumvented… unless you just don’t give a shit or have no loved ones… you can’t play the game and just goof off playing Rust … as designed – without the possibility of someone taking the game a bit too seriously.

That leaves: Single player Rust… Woohoo. :frowning:

You are still explaining everything really badly. How can someone magically access all of this personally identifiable information (Enough to find Facebook pages, make threats etc) through Steam even when you don’t have any of it attached to your account?

I can understand if there was some sort of exploit to glean information that is on a profile that should be private as there have been holes like this in the past, but again the link is not clear between you saying ’people can access info from your profile even if its private’ to *‘people can find your social media accounts and your real life address/details through Steam and there’s nothing you can do about it’.
*

Secondly you are not in any kind of ‘legal grey area’ posting about exploits on their platform. How something like this can be done or very specific details about it can easily be given without actually giving a step by step on how to do it. That and as we all know exposing exploits like this is the fastest way to get them fixed, if someone was abusing something like this then why warn people but not bother exposing it?

Apologies but you just sound like a raving looney unless you actually have a clear and concise explanation about how this is achieved and what information people can get from your account exactly. I have never witnessed or heard of anything like this right now both on Steam or within Rust and I usually have my ear to the ground for these kinds of things. My immediate assumption upon hearing a story like this would be that someone shared a little bit too much information on the net, or their Steam/one of their past Steam usernames wasn’t generic enough and someone was able to find their social media accounts/email just through Google.

*EDIT

I re-read above post and realize you said that basically it’s possible to see private profiles. Even if this is possible, all you have to do is not put personal info on your profile/ask your friends not to put your own personal info on your profile?

Even then my point still stands of if you actually know that this is happening/how it is done then you should be revealing how it is done. Ranting about it being possible but not saying anything further than that only allows the very people you are complaining about to continue exploiting whatever it is without anyone knowing about it.

Why not disclose what it is to someone like Bucksexington now that you have his attention?

If you are saying that you have found a code-based means of exploiting Steam’s servers into displaying privatized information, you should PM a moderator in this thread with the full details. This would then be worth considering Rust-based ramifications.

If you are only saying that untrustworthy or unwitting friends/family make poor social media choices, that is not the fault of facepunch and it would be ridiculous to expect the developers to remove community features because of your/your family’s own poor management of your accounts.

No you are waaaay wrong here. There is a HUGE legal liability. I don’t want money. I don’t want anything but a working privacy mode.

https://www.eff.org/issues/coders/vulnerability-reporting-faq#faq3

Because I’m a raving looney making non-sense. (Kidding I get it – my old rant is still up please delete it is … embarrassing).

I’m going to have to talk to a lawyer first. - https://www.eff.org/issues/coders/vulnerability-reporting-faq#faq13

Okay. Working as designed then. The exploit (and others) will function as long as a proper privacy mode is not implemented. Period. End of discussion.

No. The people that are taking advantage of this will do this regardless because of the refusal of Valve / the Steam Platform and Associated games to implement a PROPER privacy mode. This would NOT be an issue if a PROPER privacy mode was implemented.

This is as specific as you are going to get until I talk to a lawyer:

I think its the same as this only client side:

The limit seems to be who is a friend of a friend. It seems to be able to peek through steam family accounts as well.


See the above EFF links for WHY its a really bad idea for me to continue even having this discussion – sorry I cannot talk to any of you privately or publicly any more. Please delete my … earlier rant post. :slight_smile:

[editline]27th April 2016[/editline]

I will have to talk to a lawyer first. EFF says this is a VERY bad idea.

All of your customers personal information is potentially exposed due to a poorly coded API. If you want to be snarky (as your coming across) about it: it would be ridiculous of your customers to continue being customers if you choose to willfully put our personal information at risk.

Also… might be willful negligence.

I can’t talk about this publicly or privately anymore until I talk to a lawyer. Sorry.

It seems like you should be talking to Valve about this instead of FP, because honestly, if you’re asking for Rust to just not implement Steamworks properly to cover over Steam privacy problems you refuse to detail, I think you’re going to be disappointed.

i am so confused by all of this. your attempts at “nondisclosure” make it practically unreadable, and i don’t even want to start about the rant thread which was like mud. if you need to talk to a lawyer, fine you do that. but for anyone to understand you, they need to understand what the hell you are on about. and for that you need to provide some actual information, not vague insinuations.