Subscribe to download
Vandal || Hi-Speed Hijinx

Genuinely one of my favorite modded characters to play right now. Incredibly fun in terms of both mechanics and presentation, even if the impractical urge to try and assemble my graffiti into a particle accelerator tempts me every round like the fucking Green Goblin mask

Yeah I totally understand and respect the caution, it is very justified and comes from a good place. Security and exploitation was something I absolutely kept in mind when developing and setting up the original system, and I went out og my way that no IPs were being logged or stored anywhere, as to prevent a third party malicious actor watching these things. Not that it matters much now that the service is offline. In the future, if I reintroduce the system, I will provide full disclosure and do an additional security pass to make sure that absolutely no compromising cracks can be found. Online security is a very big deal, and I don't want you to think you're strange or rude for concerning yourself with it. I deeply appreciate the concern. :)

(cont'd)

Even if you don't care about that information. a malicious actor might. At the endpoint, it looks like Heroku places the burden of responsibility for keeping it secure on the developer, so you would have to be willing to protect that data. Of course, you could be turning off IP logging, but an end user doesn't know that without being told. And if you're not, there might need to be extra steps taken to ensure that you don't land yourself in any legal trouble from GDPR and its ilk—as far as I can tell, IP addresses do count as personal information!

It doesn't seem like there's a need to push for full disclosure at this moment, since it's not being used at all—unless you'd rather preempt questions like mine—but if it is eventually made to work, I'd hope you would disclose it and consider all of the implications that has! Sorry for the trouble, and thank you for being so forthcoming about all of this! (Thanks for the mods too, they are really well-made!)

@Leftie Thank you for your reply! It does appear that the installScriptExtension call that would end up loading and calling that code has been commented out, and I can't see it loaded anywhere else from a scan through the files, AND I was never able to find the [character[cache.json files that it's supposed to create, so I'll give benefit of the doubt and say it's probably not being used. Also, since the only information being sent to the external server is just a SteamID anyway, I trust that you're not doing anything malicious.

I think my major worry is whether this will be disclosed, should it go into effect. Even though the information being sent is just a SteamID, from the way the system works, it appears that it's just sending a standard HTTP request from the client's computer, meaning that an IP address is certainly attached. Some people might not be willing to accept that without good reason, particularly if it's done without their knowledge and by a mod.

The files only exist at all because it's more of a pain to remove all the traces of it when I'm still interested in making it work eventually. Pinkie promise they're not being used.

@Desaeta the DRM stuff hasn't actually been present in any of my mods for quite a while, due to how inconsistently it actually works. Plus, if you were really concerned, I could get you the source code of the entire solution, it's all open source on github. Absolutely no data is scalped or stored unless I explicitly place it in the database first.

At this point, it's debatable if it will ever find its way back into my mods anyways, but that's neither here nor there.

Hi, cool character! Would it be possible to make versions of your mods without all of the DRM stuff? It's okay if that means no skins.

I appreciate that you need to protect your financial interests, and this is no slight on you as a person, but I personally am unwilling to trust a modder I don't know and their black-box Heroku server that gets connected to whenever one uses any of your characters, especially when that hasn't been disclosed anywhere. From the looks of it, it's just to verify skin usage rights, but I'm still not comfortable having random HTTP requests sent out without my knowledge to an external server.

At the very least, I'd appreciate it if the presence of DRM (and what it does in broad terms) were disclosed in the mod page, because stumbling upon it in the files was a very unwelcome surprise, and it took a lot of investigation to be sure that nothing more sinister was being done without my knowledge.

Thank you for your time!

Really great mod!

Man I hate furries bruh, GET THEM OUT OF MY STICKMAN GAAAME!

the yoyo is just...eugh