Howdy As most of you are aware, MCC adheres to an IP logging system. However, this can come out as something potentially harmful. Giving all senior moderators access to pretty much everybody's ips is quite concerning, as some of those who have access to them might come out as snakes, and end up doing what they shouldn't with them (shoutout deadlines, love you mama). The whole idea behind this post is to encrypt ips when looked up. So whenever a senior moderator types in /iplookup <insert ign here> the ips would show up as some random characters (i.e. a973c8sb0af). And whenever those words are input in the ip punishment command/check ip command/ip lookup command, the plugin would automatically decrypt it, and display the ip history just as if it was being looked up normally. Why I came up with this? Honestly, idk. I just feel like some people might end up potentially harming others by having such private information (shoutout deadlines x2). I hope this gets looked into and not ignored like most of my suggestions stay safe
Hey Guih how are you doing men I trust the Mentor + Admin team their decision on whoever they promote to Senior Moderator but I don't think your suggestion would harm. With the internet being the internet nowadays I think it's of utmost importance to protect your users/players their privacy and information. And since it went wrong in the past once you never know when a situation similar could occur. I wouldn't have any clue if this is possible with how the iplookup currently works. But since IP addresses are just some numbers, replacing this with other numbers/strings would work I guess (I am a bit dumdum on how those things work lol). I'd love to hear some of the Senior Moderators their thoughts on this to see what they think, or if it would even be possible. I'll ask some to read this thread and to give their thoughts on it. If the suggestion gets support from other players and if it's possible according to Seniors I'd be happy to forward this thread in an admin ticket.
This really isn't something that's needed. Whilst yes, we could implement an encryption & decryption (it'd be quite trivial, really), its honestly not something that is needed. Often when looking up players IPs to check for evading, we check parts of the IP address to see if they have been resetting their routers. For example, using fake IPs, a player may have IPs like: -192.168.100.20 -192.168.100.25 -192.168.99.10 -200.35.29.95 -192.168.101.55 In that example, we can clearly see 4 of the IPs are leased from their ISP, whereas one of them clearly stands out, either as a friends IP, or as a VPN. We use information like this when figuring out if they should be IP banned, or if their account was shared etc. Yes, this system is potentially prone to abuse - just like any system that gathers data - we put faith in our staff that they will use the data for their correct purposes, and simply have to hope that they do not abuse it. The same goes for literally every website on the internet, to connect to ANY website or ANY game or ANY service, your IP is given, so data can be sent back to it. So the fear of a MCC staff leaking IP addresses is minuscule compared to the greater dangers of using the internet in general. In saying all of that - I think too many people are paranoid about IP leaks. Your password leaking is thousands of times more dangerous than your IP being leaked.
I shall comment on this. I definitely you think you are ruling out the probability of a senior moderator leaking the IPs. You claim that passwords leaking are more dangerous than IPs, well, I’d argue differently but that’s not my point here. Yes, you are correct with the fact that every company that we sign up for has our IP in the database; but we are not comparing or talking about them and thus I do find them an irrelevant point to bring in to this suggestion. We are talking about MC Central. It is a profound fact that MCC is toxic and whereas this does not automatically justify that senior moderators are going to leak IPs - the fact that it has happened before, and current/newly promoted (take your guess) have been found to openly made threats about this in external minecraft clients such as LabyVC then you would understand the frustration and perhaps fear of the MCC community when we received these promotions. I definitely don’t think this is something the staff team should decide by themselves, that it should be the vast community that decides this. Encryption is definitely a better protection system than what MCC current has and would settle some of the moral panic in the community right now. This, suggestion, affects players more than most of the suggestions currently being made and will made in the future so my proposal is that you be a bit less narrow-minded and stop having so much “faith” in your senior moderator team. I am not here to cause an argument, I am saying what most people would like to say and I can assure you that the main community would think the same as this. You are attempting to SUGARCOAT the fact that IPs being leaked is dangerous by putting emphasising passwords being leaked are dangerous. Please stop subtly changing the topic and focus on the main issue. I’ve had multiple witnesses to people that are not going to log on again, sure that’s probably a joke, but do you blame them? I know I’ll receive some senior moderator response with a sassy letter to me on this but alas this is what needed to be said.
Thank you all for your inputs. I would just like to point out a few things. You might think that. But we all know its not. Unless you are one of those people who use the same password for everything, then it becomes a little concerning. Other than that, having your IP leaked is much worse. Having that in hands, people can geolocate you, for example. Quite worrying, ain't it? It should work just fine. The plugin is also quite easy to make. It starts off with an API that would first collect the information (IP being looked up) and that piece of information is encrypted. When input in the checkip/puniship commands, the encrypted string would be automatically decrypted Code: API.decrypt("encrypted string goes here"); Lewis's response summarizes pretty well what makes me believe that encrypting IPs is important. In the end, mcc cannot collect any of our passwords, other than their own website. And getting those leaked wouldnt even be that big of a problem tbf. In the end its just a minecraft website account, not your home address and potentially your own self that's been put in risk. Once more thanks for the input. I look forward to hearing more from the community. Stay well!
I feel like they should just let admins have this because having senior mods have it is a little bad and since someone already has leaked peoples ip is a little concering tbh if not admins owners like seriously at any time people can just leak your ip and thats bad, because sometimes, staff just have temptations. and end up doing it. +1 from me
I’m all for encrypted IPs and especially fond of what Lewis said in his response. Regardless of how much the admin team trusts the senior mods, the fact is that it got leaked in an exact fashion as what would be possible now. Said senior mod could easily keep a list of ips for when they are demoted/resign and the share those or use then for whatever harm they want. I do agree with Lewis in that the community should decide what happens to their ips. Knowing mcc however, it’s very likely the community won’t get a choice on what happens to their own private info. I’d personally like to know, what harm does this cause? I see benefit and protection for the community and don’t see any type of harm to the staff team. What is harmful about this or is it just tiring to create it?(totally understandable if it is tiring)
IP encryption in theory is a nice idea, but Kieren's point about similar IPs is the thing which means it won't work in practice. Without the ability to identify similar IPs, evasion would be laughably easy. I agree - it's a trade off, but I believe it's something that is absolutely necessary for dealing with IP ban situations. Without it, Skywars would have an even bigger mass evasion problem, shared account IP bans would be impossible to deal with, and you would likely be getting B-hopped on/traced to most UHCs. For example, I use common IP's a lot for dealing with the Prison and UHC communities; since players often share alts, we frequently see IP bans for shared IPs with evaders. Without being able to tell what the common IPs of a user are (as Kieren outlined well) it's impossible for us to tell who owns what account, or when account sharing occurs. We had problems recently with known UHC players being linked to an IP banned player who was well known (and therefore had a lot of shared alts), something that could not have been dealt with efficiently without being able to see common IPs. Shared account IP bans are already a big point of community dissatisfaction, and it is not something the staff team has much control over, so making it a larger problem seems counterintuitive. I understand why there's privacy concerns, and if a solution to this problem is found I'm all for it. If encryptions could work in a way which hid IPs but still could show us IP patterns, that could potentially work, but then if there is a pattern there is usually a way to decrypt. For now, have faith in the senior moderator team, who have built up trust through the time they put into the staff team and who have a good track record with handling IPs outside of the actions of one person.
Thank you for your response. I do agree that evasion could be made much easier with such changes but I do not think that is a major setback to adding a plug-in that would make ip security much stronger. Patterns in the encrypted strings might not be as easy to recognize as current ip patterns - it might take a little more attention, however they will still be there. And I do have my reasons to not trust some of the seniors. The point of this thread is not to create drama, rather to gather opinions on my suggestion hence I’m leaving this onto another topic. But I do believe that some of them are not the people who they seem to be.
Hey! Pretty much as what other Seniors have said, it's a very useful tool when it comes to catching hardcore ban evaders. Another thing to note is that this isn't some reoccurring issue; if it was, Administrators would have implemented this by now. It has been over 2 years since a Senior did something malicious (and you mentioned them). That's the only time something bad has happened with the new IP System Your suggestion would be more plausible if this was an on-going issue, but it's not. (And if you think it is an on-going issue, please provide proof)
I do not think it is an ongoing issue. However I do believe that it may become an issue in near (or not so near) future. Nobody knows what people have in mind. My main idea was to have that as an preventive factor in the server. And I might be overthinking a tiny bit but the fact that seniors support other seniors by liking their posts shows how they really want the ip system to stay as it is and not to change in order to provide more security for the community. Interesting ain’t it
I'm just going to close the thread here, because we are all going around in circles here. Right now, its not an issue. In future, we hope it won't be an issue. Any and all systems are open to abuse - its simply how it happens. The act of you even visiting this website, or any of the websites you visit on a day-to-day basis have a chance for your IP to be exposed- its a fundamental of how the internet works. We take due diligence in choosing our senior staff. In the rare instance that they choose to abuse the system, they get banned and blacklisted, as per the previous person to do so. We are not going to obscure our IPLookup system, making it multiple times harder for staff to IP check, simply to satisfy paranoia surrounding IPs. Our system works fine, and assists us in banning players who choose to evade with alt accounts. Further more, my IP address has been public knowledge for 5 years now, even with me hosting a webserver on my IP address. To date, nothing has happened. I am skeptical that anything ever will happen. I feel like more often than not, people get a slight bit of lag, or their internet is actually bad in general, and they cry bloody murder thinking that their IP has been leaked and that they are being DDoSed. Please do note, DDoSing is a federal crime in most parts of the world. If you think you are being DDoSed, rather than crying, contact your ISP. They can get logs as to the source of the DDoS attack(s), and forward them on to relevant authorities. Thread locked.