[SUGGESTION] Player account organization?


What do you think about this idea? Maybe something to implement in xonotic?

Making players pay? As far as I know, this is completely out of question.

But unique user IDs associated to email addresses are in the works (for the long term, that is).

Well, it would be a completely additional system, e.g. lots of free servers, but for those who would like to set up a "protected" one this system would provide the infrastructure. Similar to how there are PunkBuster-protected servers in some games.

It is also not really about the payment itself, it is just a measure to make people value their account.
I doubt however that an email system would work, as it is incredibly easy and free to get a new throwaway email address.

And last but not least, this could be a way for the community to "donate" money for dedicated servers and such.

There will be no official support for restricting a server to a "paid" CA.

Yet still, you CAN set up your own certificate authority, and take money for a certificate. You can also set up a server that only accepts players from that CA.

What does NOT exist in my player auth system, and also will not come, is expiring accounts. Any account, once signed, is valid forever. You could use rotating CAs, and remove the old CAs from a server at the end of the year, and then make a "2009 account", a "2010 account", etc., but what about someone who joins in December? He'd only get an account valid for 1 month.

Also, I do not want to add someone else's plugin for such authentication, but use my own code (I actually majored in cryptography, and even if my own code has serious cryptographic flaws, it just takes someone to point them out and I will understand and be able to fix it). Note that we can NOT use a pre-made SSL library like OpenSSL or GnuTLS, as that also encrypts and does not just sign and authenticate - because if we used one, we would be bound by cryptography export and import restrictions. In some countries there is jail time on the mere import (download) of encryption software, and I don't want anyone to end up in jail for downloading Xonotic. Auth-only would bypass these laws as the government still can read ;)

Also note that cryptographic security for the accounts is absolutely NECESSARY once the accounts are paid for. Otherwise, people can and WILL (I actually know someone who would do it if he could) host hostile servers that will steal your identity, and these people then would abuse it - and if the accounts are worth money, they may even resell the stolen accounts. Not in my neighborhood.

If that system supported Xonotic's way of handling CAs, that would be fine, but it sure will not (e.g. because of lack of expiration date support).

If anything, we can do special accounts that are paid for by a symbolic amount of $0.01 - but actually, we will rather connect this to the forum ID system in a somewhat sensible way, and restrict abuse by certain not yet to be disclosed but somewhat obvious means.

Well, since I am not technically able to implement my idea, it's currently vapourware. I just wanted to put out this idea to the public and hear what people think about it.

Concerning your system: Have you thought about making it invitation only, so that every user has a limited number of invites and thus every account becomes valuable?
Another interesting approach could be a system similar to Bitcoin, where you have to spend considerable (CPU) time to create an encrypted key, thus you can't create a bunch of accounts easily.

Last but not least, will your system be open to other games?

Lol @ your signature btw

Have you considered the impact such things would have on newcomers? Certainly not a good one at all. And you can be sure some will be disappointed enough to spread the news that Xonotic is a closed game.

Since this should not be a forced system, there should always be servers that don't use it. There could also be specific n00b servers, which would have the benefit that all the good players play on the closed servers.

But let's be honest, what is the bigger problem? Having a big disclaimer on the website explaining the system and maybe losing some extremely stupid n00bs, or having no protection against cheaters and other people that misbehave in the game (arguably even more of a turn off for most new players)?

"no protection"? We would have MUCH more protection than we already have, with this system.
And tell me whose responsibility it would be to run the server with absolutely no protection, i.e. the server that every single troll will want to raid? And what kind of player would prefer this over calmer protected servers?
(EDIT: this is also why we have no passworded servers)

Well, yes probably. But what is your suggestion, leaving it as it is and not thinking about some sort of protection at all?

No, my suggestion is that we don't drive newcomers out with restrictive access to multiplayer, and that we instead use an intermediary level of protection (i.e. associating accounts with mail addresses and blacklisting disposable mail domains). This will be a huge improvement over what we currently have (i.e. nothing at all).

Well if you blacklist stuff like yahoo or gmail that will be an even bigger entry barrier than what I am proposing, and if you don't then your protection is so weak that it is probably not even worth implementing.

Uh, I said blacklist disposable mail domains, for example mailinator. And it is worth implementing, as your suggestion or something else would have to be based on that model anyway.

Newcomers will never start to play then!

(08-21-2010, 09:43 AM)divVerent Wrote: Also, I do not want to add someone else's plugin for such authentication, but use my own code (I actually majored in cryptography, and even if my own code has serious cryptographic flaws, it just takes someone to point them out and I will understand and be able to fix it).

Just to clarify: when you refer to "my own code" and "cryptographic flaws", you still intend to use already existent cryptographic algorithms and only worry about the implementation side, right?

I have no cryptography knowledge other than a university course, but I can still do some research or basic review, if needed.

That is what he means, yes.

