masterofjelly Posted January 30, 2015 Share Posted January 30, 2015 Suggestion Name: Encrypt game traffic Suggestion Description: Please encrypt all game traffic with forward-secret ciphers. Any example images: none Why should it be added?: Mainly for privacy reasons, but in times where big governments are spying on everyone, encryption is the only answer. I'd suggest to use TLS with EDH or ECDH Key exchange (preferably the latter), which gets you perfect forward secrecy. Also you should encrypt your API and refuse non encrypted requests to protect passwords. Link to comment Share on other sites More sharing options...
Mike Dragon Posted January 30, 2015 Share Posted January 30, 2015 Uuh... why exactly would we need that in a video game about driving trucks? If they want to spy they could just buy the game and lurk about in-game. I personally have nothing to hide. Some people should really get a license before even thinking about buying Euro Truck Simulator 2 or American Truck Simulator. Drive safely, folks! < < < Don't bet on sinking ships because they'll turn your chips to trash! > > > Link to comment Share on other sites More sharing options...
Flashylights Posted January 30, 2015 Share Posted January 30, 2015 just let them spying its just a game we are not hackers Link to comment Share on other sites More sharing options...
masterofjelly Posted January 30, 2015 Author Share Posted January 30, 2015 Having nothing to hide doesn't mean you should not encrypt. If nobody encrypts, those who need encryption (like Mr. Snowden) are instantly targeted. It's a meaning of having enough cover traffic. Also, good encryption pisses of the NSA and GHCQ (which is always good). Proper encryption does not harm you, it doesn't make anything worse than it is currently. But it also ensures data integrity; encrypted streams are virtually impossible to tamper with (which again makes cheating harder). At least if you don't care about the government watching you for no real reason other than "lulz we can", care about because it makes it harder for cheaters. There is no reason not to encrypt, if it can be done easily. And adding encryption code to the network layer is easy - because it's transparent to you. If you don't watch the traffic in wireshark or something, you wouldn't even notice if it's done right. Link to comment Share on other sites More sharing options...
Flashylights Posted January 30, 2015 Share Posted January 30, 2015 Having nothing to hide doesn't mean you should not encrypt. If nobody encrypts, those who need encryption (like Mr. Snowden) are instantly targeted. It's a meaning of having enough cover traffic. Also, good encryption pisses of the NSA and GHCQ (which is always good). Proper encryption does not harm you, it doesn't make anything worse than it is currently. But it also ensures data integrity; encrypted streams are virtually impossible to tamper with (which again makes cheating harder). At least if you don't care about the government watching you for no real reason other than "lulz we can", care about because it makes it harder for cheaters. There is no reason not to encrypt, if it can be done easily. And adding encryption code to the network layer is easy - because it's transparent to you. If you don't watch the traffic in wireshark or something, you wouldn't even notice if it's done right. that cheaters for money and xp will be in beta so that it will be server profile Link to comment Share on other sites More sharing options...
Faern Posted January 30, 2015 Share Posted January 30, 2015 I personally have nothing to hide. Ok then, please post: Your bank account number + online banking login Real name and full address Times when noone is at home Email address and password Steam login and password Don't want to post one of them? Don't use such a sentence if you don't mean it! Regarding topic: Many modern multiplayer games encrypt their traffic. Not so much for privacy reasons, but to make it impossibe for players to manipulate the game traffic by injecting additional packets, altering or ommitting packets. Link to comment Share on other sites More sharing options...
masterofjelly Posted January 30, 2015 Author Share Posted January 30, 2015 Without having looked at the game binary or the protocol deeply, I can almost guarantee that there are exploits - like a wallhack for example, or some kind of warping / speedup. Something can be done with pure memory edits, but others would use tampering with the protocol data, which can be done with a simple python script. Belive me, I've done this already (not with ETS2MP but with designated hacking games). Once the game traffic is encrpyted, you have no chance tampering the data with a proxy if you don't do a man in the middle-attack. But doing crypto right is also about verifying the other party, so you can mitigate this if you do it right. Link to comment Share on other sites More sharing options...
Mike Dragon Posted January 30, 2015 Share Posted January 30, 2015 Ok then, please post: Your bank account number + online banking login Real name and full address Times when noone is at home Email address and password Steam login and password Don't want to post one of them? Don't use such a sentence if you don't mean it! Regarding topic: Many modern multiplayer games encrypt their traffic. Not so much for privacy reasons, but to make it impossibe for players to manipulate the game traffic by injecting additional packets, altering or ommitting packets. Oooooh, suuuure. Take every single word I said as literal as you possibly can. As if you did not really understand what I meant. Or perhaps you really didn't. In which case that is something to be concerned about. And anyhow, those data are material that all of us are subject to have leaked in a way or another. Yourself included! It's not encrypting a video game that will decrease and chances of it all not happening. Besides, I'm just an ordinary citizen like you. Even if the government wants to know those information about me, there is absolutely nothing in my life that could be of interest for them or that I would want to keep in secret. And adding yet another besides, half of those info are already of their knowledge. And what isn't can easily be acquired with a permit if so the government want. Something that would only happen if I were under investigation for some sort of crime. Which I am not. Think further before you poke someone with such literal "understanding" of their phrases. That was unnecessarily rude. Some people should really get a license before even thinking about buying Euro Truck Simulator 2 or American Truck Simulator. Drive safely, folks! < < < Don't bet on sinking ships because they'll turn your chips to trash! > > > Link to comment Share on other sites More sharing options...
masterofjelly Posted January 30, 2015 Author Share Posted January 30, 2015 The fact that you are offended by this tells me that there is a need for encryption. Mind you, not only the good guys can intercept traffic. Link to comment Share on other sites More sharing options...
Mike Dragon Posted January 30, 2015 Share Posted January 30, 2015 The fact that you are offended by this tells me that there is a need for encryption. Mind you, not only the good guys can intercept traffic. No, I am not offended. Unpleased, yes, but not offended. Your remark was simply uncalled for. I am well aware of the risks I run everyday online. I'm a IT professional by profession. What bothered me is how literal you took me when I was obviously not referring to those specific kind of personal data when I said I have nothing to hide. Everyone needs to keep some of those info secret. That's just too obvious to think otherwise as you made it look like you did on your reply to my initial post. Some people should really get a license before even thinking about buying Euro Truck Simulator 2 or American Truck Simulator. Drive safely, folks! < < < Don't bet on sinking ships because they'll turn your chips to trash! > > > Link to comment Share on other sites More sharing options...
masterofjelly Posted January 30, 2015 Author Share Posted January 30, 2015 You do realize tough that I am not Faern? Also please don't play the "i have nothing to hide" card while discussing crypto. There is no reason not to encrypt. Link to comment Share on other sites More sharing options...
S2020 Posted January 30, 2015 Share Posted January 30, 2015 Not just governments, anyone in control of your LAN/WAN (be it your company, be it your ISP or just owners of Wi-Fi you connect) etc. can parse your data. Even highly unlikely they get interested in ETS2MP data, client uses Oauth system (a hash) to send user / password combo already (if your concern was about account security) "Trucking is like love... Only newbies go fast and end up early " Link to comment Share on other sites More sharing options...
Mike Dragon Posted January 30, 2015 Share Posted January 30, 2015 You do realize tough that I am not Faern? Also please don't play the "i have nothing to hide" card while discussing crypto. There is no reason not to encrypt. Ugh. It seems I mixed up two replies into one, there. My bad. Anyhow, since we are it, I never said there is no reason to not encrypt. I just meant that it doesn't seem really necessary in the case of this game/mod. Some people should really get a license before even thinking about buying Euro Truck Simulator 2 or American Truck Simulator. Drive safely, folks! < < < Don't bet on sinking ships because they'll turn your chips to trash! > > > Link to comment Share on other sites More sharing options...
masterofjelly Posted January 30, 2015 Author Share Posted January 30, 2015 Not only Account information, generally any tampering with the game protocol. Also, encryption isn't about necessity either. Encryption should be the default, not the exeption - for any means of traffic. Link to comment Share on other sites More sharing options...
Faern Posted January 30, 2015 Share Posted January 30, 2015 I was trying to point out to you (in an obviously provoking way) that the "nothing to hide" argument is complete nonsense. That argument is used out of ignorance by too many people and is simply annoying because it is wrong on so many levels. It is so infamous that it even has an entry in Wikipedia.The argument is understood by governments as your agreement for even more surveillance and cut down of civil rights. So, please don't ever phrase it like that. If you don't have a problem with chat messages and game data being sent in plaintext that is a perfectly valid opinion. Please, just put it like that. I don't see privacy as a good reason for encryption of ETS2MP traffic either. However, as anti-cheat mechanism regarding traffic manipulation, it would be quite useful. Link to comment Share on other sites More sharing options...
Recommended Posts