[Bug] Screenshots being sent online automatically

[not_payl_obviously]

There is bug in anticheat library, which makes game send screenshots online each time you take screenshot name starting with x. This is related to anticheat screenshot system, but I found that this is privacy problem, so Jitspoe please add something to prevent sending screenshots created by user. Possibly ekhm, renaming commands would help.

EDIT due to confusion:

Below is description of problem:
Jitspoe anticheat monitors for command screenshot that can be issued both by server and client (locally too), and if it starts with x, anticheat tries to change path by following rule: Characters: slash,backslash and space are replaced by underscore (I think I know why this rule was made, but it's not "internals of screenshot system", it's bug report), then game tries to send that file to dplogin.com.

[Clipz]

This is not a bug sir.

[not_payl_obviously]

This is not a bug sir.

Any screenshot name that starts with x is sent, only screenshots taken by anticheat should be sent.
Don't worry Clipz, I bet I know screenshot system better than you .

[T3RR0R15T]

It's a feature, not a bug

[not_payl_obviously]

It's a feature, not a bug

So we should treat anticheat as privacy and possibly security hole? Then I believe I should publish fix for anticheat so you won't leak information.
I'm still waiting for jitspoe opinion on this, but if it won't be fixed, and is not mentioned anywhere, I'll treat testw.dat as dangerous file and will work on patch to disable systems that can leak your information...

[jitspoe]

So we should treat anticheat as privacy and possibly security hole? Then I believe I should publish fix for anticheat so you won't leak information.
I'm still waiting for jitspoe opinion on this, but if it won't be fixed, and is not mentioned anywhere, I'll treat testw.dat as dangerous file and will work on patch to disable systems that can leak your information...

What information is leaked?  Your score?  What team you're on?  What "private" "information" are you worried about "leaking" in the case where you very deliberately take screenshots in such a manner that they will be uploaded to a private location that only the dplogin server admin has access to?

[Rick]

Any screenshot name that starts with x is sent, only screenshots taken by anticheat should be sent.
Don't worry Clipz, I bet I know screenshot system better than you .

So you're saying that if you type "screenshot x_testpayl" that that screenshot will be uploaded? Rather than only when using the "top secret committee screenshot bind"?

**Not sure if I'm the only one that got what he is saying or if I'm the only one that took it too far**

[FusSioN]

Who would name demos starting with an X? Yeah I know the answer, YOU.

And yeah, it is a feature.

[Rick]

Who would name demos starting with an X? Yeah I know the answer, YOU.

And yeah, it is a feature.

Seeing as we are all talking about screenshots that start with x, who are you saying that to? You seem to have a lot of useless posts on the forums; you don't need to be a part of every discussion, especially when you just come in and say "And yeah, it's a feature" or when you criticize something that you know nothing about.

[Toxiic]

Seeing as we are all talking about screenshots that start with x, who are you saying that to? You seem to have a lot of useless posts on the forums; you don't need to be a part of every discussion, especially when you just come in and say "And yeah, it's a feature".

what payl is saying is( google translate=OP) is that, when you put "X" infront of the screenshots (don't know about demos), it is sent to online file or location( most likely dp), that is viewable to admin of dp or to some online location.

[FusSioN]

Seeing as we are all talking about screenshots that start with x, who are you saying that to? You seem to have a lot of useless posts on the forums; you don't need to be a part of every discussion, especially when you just come in and say "And yeah, it's a feature" or when you criticize something that you know nothing about.

Well, sorry about that.

[Rick]

what payl is saying is( google translate=OP) is that, when you put "X" infront of the screenshots (don't know about demos), it is sent to online file or location( most likely dp), that is viewable to admin of dp or to some online location.

Oh, okay From the original post he says "...each time you take screenshot name starting with x...", which is why I thought it was when you took the screenshot, not when you rename it. So I guess the rest of my post below...

So you're saying that if you type "screenshot x_testpayl" that that screenshot will be uploaded? Rather than only when using the "top secret committee screenshot bind"?

**Not sure if I'm the only one that got what he is saying or if I'm the only one that took it too far**

is right

[not_payl_obviously]

What information is leaked?  Your score?  What team you're on?  What "private" "information" are you worried about "leaking" in the case where you very deliberately take screenshots in such a manner that they will be uploaded to a private location that only the dplogin server admin has access to?

It's not really serious leak of information, but still screenshots I take are mine, and shouldn't be uploaded to remote location without my permission or knowledge. You are right, I might be overreacting with leaking of private information, but still it's a problem.
Functions of anticheat shouldn't affect normal operation of client, that's how it should work. Possibly worst thing of this that it is hidden, not mentioned anywhere and I'm only to publish how it works.
About making it work this way: I was reverse engineering your anticheat and came across this so I made few tests to see how upload works and discovered that check who issued command is insufficient. While screenshots I took are not leak of information as I knew it will be uploaded, not everyone is running with debugger and proxy library to monitor your anticheat.

So you're saying that if you type "screenshot x_testpayl" that that screenshot will be uploaded? Rather than only when using the "top secret committee screenshot bind"?

**Not sure if I'm the only one that got what he is saying or if I'm the only one that took it too far**

Yes, that screenshot will be uploaded if your anticheat is active. There are however few rules how anticheat tries to upload this file.

Below is description of problem:
Jitspoe anticheat monitors for command screenshot that can be issued both by server and client (locally too), and if it starts with x, anticheat tries to change path by following rule: Characters: slash,backslash and space are replaced by underscore (I think I know why this rule was made, but it's not "internals of screenshot system", it's bug report), then game tries to send that file to dplogin.com.
I believe it's shortcut taken when developing screenshot system, but it's wrong assumption that all screenshots named with x leading are taken automatically.

Rather than only when using the "top secret committee screenshot bind"?

Let's say that your "top secret committee commands" are well known by some people that can use debugger.

[pvtjimmy]

It's not really serious leak of information, but still screenshots I take are mine, and shouldn't be uploaded to remote location without my permission or knowledge. You are right, I might be overreacting with leaking of private information, but still it's a problem.

If you were good, you would know how the systems truly works. Please continue looking for the truth, as your current assumptions are not correct.

[jitspoe]

Payl, what is your intention here?  You know full well that this is a non-issue.  Nobody has ever accidentally uploaded a screenshot through this system, and it's not like something horrible would happen if they did.  What good does bringing this to everybody's attention do?  Is this just a troll?  Are you looking for an outlet to display your assembly-reading abilities?  Are you just trying to waste my time (despite complaining that I don't complete enough features/bug fixes)?

I don't really get it.  What are you contributing by posting this?

[not_payl_obviously]

Payl, what is your intention here?

Reporting this bug so I see it fixed.

You know full well that this is a non-issue.

I believe it's a bug and your mistake. I think it's an issue.

Are you looking for an outlet to display your assembly-reading abilities?

No, but those are useful. I think we all know by now that I can do it.

Are you just trying to waste my time (despite complaining that I don't complete enough features/bug fixes)?

Again: No. I believe fix should be simple (i.e. replace X with nonascii character and then change it clientside). I know you are busy person Jitspoe, usually what I mean (with "complaining") is you don't let others help you (or: you don't seek help), not do not enough (I'm always surprised you continue to work on this game).
I still believe it's a bug in your anticheat jitspoe, probably you believed you found good way to do it, and it's kinda good way, but please take more precautions before sending screenshots online.
I do believe there shouldn't be way of accidentally uploading screenshot, so I gave you example what easy fix for this is, this shouldn't waste much of your precious time.
I would fix it for you, but you never were open to help in your anticheat.

What are you contributing by posting this?

Not much, but I still believe even simple bug should be fixed.
As a side note here: When looking on your anticheat it's easy to detect what's new and what's old: Old stuff was written with all cases in mind, new stuff is often less fool-proof, at least from what I see.

[Cameron]

I'm always surprised you continue to work on this game

I'm always surprised you continue to waste your time doing all of this and complaining about it.

[not_payl_obviously]

I'm always surprised you continue to waste your time doing all of this and complaining about it.

What I do is my problem, but you must be surprised that you yourself whine about me complaining.

We don't need such discussions here, please don't post unless you have ontopic information.

[Cameron]

What I do is my problem, but you must be surprised that you yourself whine about me complaining.

We don't need such discussions here, please don't post unless you have ontopic information.

Alright then, lets have a constructive conversation and see where it gets us.

To help me understand your problem with this feature, which of the following are you worried about?
 - the fact that any screenshot taken by the user starting with x gets sent to a private server
 - the fact that screenshots can be taken by selective people who believe you are cheating and sent to a private server for analysis
 - the fact that screenshots get sent without your permission full stop to a private server

[not_payl_obviously]

Alright then, lets have a constructive conversation and see where it gets us.

To help me understand your problem with this feature, which of the following are you worried about?
 - the fact that any screenshot taken by the user starting with x gets sent to a private server
 - the fact that screenshots can be taken by selective people who believe you are cheating and sent to a private server for analysis
 - the fact that screenshots get sent without your permission full stop to a private server

First one, second one is normal, third I don't fully understand: what you mean with "full stop" here?

I already said how it should look: anticheat operation shouldn't affect your game functions. And now it messes up with game (in fact: game was also modified in process: when you shot screenshot with X leading, you don't get "Wrote" message). It was done wrong on many points, which resulted in this simple yet problematic situation. However quite simple patch can be made to fix this, and it shouldn't take too much of jitspoe time.

And let's for a while talk about "screenshots can be taken by selective people" - let's put this straight: JitSecurity is myth. There is no thing called "protection" in jitspoe anticheat. To be fully honest: Jitspoe should take lessons from PAC. I know that he doesn't have time to do everything he would like to, but there is difference in making something and adding something done. That's just a side note, we don't need to talk about this again, many things were said, fact is that only me and Jitspoe really can say anything here (and Jitspoe isn't really talkative). So please don't bring up this topic, most of you don't have knowledge here .

BTW. In time I wrote this post Jitspoe could patch his anticheat to prevent behavior I mentioned.