Changes required for honorspy to be fixed
Streamsnipe opened this issue ยท 6 comments
In order to combat spoofers like myself, you need to change the addon so it does this:
- All entries can only be added via inspecting another player directly or from being shared with an authorized player
- All tables can only be updated via manually sharing in a trade-like manner with another player. This allows players to decide who they want to share the db with. The protocol will work as such, it will send out a request to update to another player, and that player must also send a request to update within a 5 second window. Allow this to be only initiated via whispers. If this happens, both players accept information from eachothers databases. This prevents an attacker from knowing (1) when the trade is initiated (2) with whom the trade is initiate and so their data will be ignored. This gives the user the opportunity to put that user on ignore which prevents any messages. This will allow them to build a 'authorized' database.
- In a case where somehow this system fails, allow the users to revert back to a prior version to the database.
- Maintain two types of the database. An authorized and an unauthorized. This allows people to see all of the 'correct' honor on their authorized list and all of the rest of the worlds data (which can be spoofed, but should be used to get an idea of who else is ranking). Also allows feature separation.
- Allow users to create a 'group' and one person becomes the group master. The group master then tells the addon whom to add to the group. The group master will collect all information from those in the group and broadcast the master list to everyone. The authorization process followed should be from (2). The group master will set a password. For users to send/receive messages to the group master the users in the group must add the password to their addon.
- The group master can blacklist entries it deems fake. If anyone sees an identical match to that which is on the blacklist it will remove it from everyone in the group.
- Authorized group size is limited to 100 to prevent spam.
- All players in the auth list can manually collect entries and 'propose' them to the group master. The group master must manually accept them into the db.
Any other critiques and suggestions are appreciated. My solution is not flawless and I assume there are things wrong with it - point them out and we can begin developing.
If you're friends with a friend of a friend who has a corrupt database then it ruins it
I have currently 3900 Fake player entree's they haven't gone away since last reset. at this point it makes honorspy in that aspect useless...to gage where I actually am compared to others
This is all about fake data, which is reported in here #58, please continue converstation in there