02-06-2025, 03:56 AM
This applies if your add-on contains any of the following:
Please place warnings close to your download link if your add-on is affected, unless the networked capabilities are obvious, such as something branded like "chat client". There has been a problem over the last 10 years with add-ons (particularly Support_Updater, though that's not a real add-on) spying on users and reporting on users connecting to servers with it installed.
If you are an add-on developer and are using Support_Updater, you need to delete Module_Statistics.cs in the "modules" folder. Remove the exec() call to this file in common.cs. This part of the module uploads the name, BLID and IP address of everyone who connects to your server.
You must also modify function UpdaterRepoSO::queryRemote() in UpdaterRepoSO.cs in the "core folder" and remove these lines:
The module sends your username with every single query in most cases when each add-on queries its respective repository for updates.
You may not post any original add-ons (if you own them) with Support_Updater in this board without applying those fixes in some way. Additionally, try to default to asking for user permission at least once before using networked features. We don't need add-ons that instantly expose user data without consent or interaction.
I specifically wrote a mitigation in 2017 to stop Support_Updater's spying. I wrote a more advanced mitigation last year to cover more cases. Please read the add-on page or description files inside the ZIPs to learn more.
- Auto-updaters
- Trackers
- Any networked features
Please place warnings close to your download link if your add-on is affected, unless the networked capabilities are obvious, such as something branded like "chat client". There has been a problem over the last 10 years with add-ons (particularly Support_Updater, though that's not a real add-on) spying on users and reporting on users connecting to servers with it installed.
If you are an add-on developer and are using Support_Updater, you need to delete Module_Statistics.cs in the "modules" folder. Remove the exec() call to this file in common.cs. This part of the module uploads the name, BLID and IP address of everyone who connects to your server.
You must also modify function UpdaterRepoSO::queryRemote() in UpdaterRepoSO.cs in the "core folder" and remove these lines:
Code:
//send the username with the query
%uname = "user=" @ urlEnc($Pref::Player::NetName);
%query = (strLen(%query) ? %query @ "&" @ %uname : %uname);The module sends your username with every single query in most cases when each add-on queries its respective repository for updates.
You may not post any original add-ons (if you own them) with Support_Updater in this board without applying those fixes in some way. Additionally, try to default to asking for user permission at least once before using networked features. We don't need add-ons that instantly expose user data without consent or interaction.
I specifically wrote a mitigation in 2017 to stop Support_Updater's spying. I wrote a more advanced mitigation last year to cover more cases. Please read the add-on page or description files inside the ZIPs to learn more.