This tea app garbage has me thinking… would it make sense to hash the identifiers that come from GetPlayerIdentifiers() (source) before storing them in a database?
My thought process is that if someone were to leak the database values (and assuming we were particularly cautious about how we hashed it, e.g. using a one-way hashing algorithm and a salt), it would make the identifier itself safer to store, but not as easy to manage.
E.g. not so easy to take a hashed IP and toss it to the VPS server for additional layer 3 blocking… Or not so easy to grab a Steam identifier and look up the associated player to see if there are any VAC bans, or not so easy to take the Discord and associate it to an in-Discord role. Hopefully this is clear.
I guess the question is: Are these IDs particularly dangerous in the hands of a nefarious user, or are they as easy to acquire as I hope they are and as harmless as I think they’d be?
Would love to hear some of your feedback on this topic (especially from those who happen to manage databases either for their FiveM server or just in general!)
Thanks and I look forward to some tasty discussion!
Cheers
-ThatMoistGuy
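An added example, not part of the thread and not FiveM's own code: a sketch of the idea raised in the post above, using a keyed hash (HMAC-SHA256 with a secret held outside the database) in place of a plain hash plus stored salt, so returning players can still be matched by exact lookup. The key variable name, function names and sample identifiers are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: the key is loaded from outside the database (environment or a
// secret store) so a table dump alone does not contain it. IDENTIFIER_HMAC_KEY
// is a hypothetical variable name; the fallback is a constructed demo value.
const KEY = process.env.IDENTIFIER_HMAC_KEY || 'constructed-demo-key';

// Split "steam:110000112345678" into type and value at the first colon.
function splitIdentifier(id) {
  const i = id.indexOf(':');
  if (i <= 0 || i === id.length - 1) throw new Error('malformed identifier');
  return { type: id.slice(0, i), value: id.slice(i + 1) };
}

// Keyed one-way hash. Deterministic, so "WHERE identifier = ?" lookups still
// work; a random per-row salt would force re-hashing against every row.
function pseudonymize(id, key = KEY) {
  const { type } = splitIdentifier(id);
  const mac = crypto.createHmac('sha256', key).update(id).digest('hex');
  return `${type}:${mac}`; // type prefix kept so rows stay filterable
}

// Rows to store for one player. IPs are dropped instead of hashed: the IPv4
// space is small enough to enumerate if the key ever leaks with the data.
function toStorageRows(identifiers, dropTypes = ['ip']) {
  return identifiers
    .filter((id) => !dropTypes.includes(splitIdentifier(id).type))
    .map((id) => pseudonymize(id));
}

// Returning-player check: hash what the player presents, compare to storage.
function isKnownPlayer(storedRows, identifiers) {
  const stored = new Set(storedRows);
  return toStorageRows(identifiers).some((row) => stored.has(row));
}

// Constructed sample shaped like GetPlayerIdentifiers() output.
const SAMPLE = [
  'license:0123456789abcdef0123456789abcdef01234567',
  'discord:123456789012345678',
  'steam:110000112345678',
  'ip:192.0.2.10',
];
const STORED = toStorageRows(SAMPLE);
console.log(STORED, isKnownPlayer(STORED, ['steam:110000112345678']));
```

The stored values cannot be handed to Steam, Discord or a firewall, which is the management cost the post describes; anything that needs the raw identifier has to use it while the player is connected.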
Theory-only answer (I haven’t managed any servers for years now, just an “old pro” kind of guy hehe):
The IDs overall shouldn’t really matter, even if exposed, as they can be obtained otherwise AND/OR would cause very few issues even if leaked.
Most servers nowadays have a Discord server for whitelisting via roles, so all players are on there anyway and can be deduced to specific characters/players via different means.
Having someone’s Steam ID leak is really no trouble, not much you can do with one even if you tried.
IPs are more dangerous, but the real answer is not storing those in the same DB as other player data; if you need it for DDoS protection or whatever, it should only be on your proxy, and not stored for a meaningful period of time either - dynamic IPs, VPNs, etc, all make an IP as means of identification increasingly more useless every day, and you really shouldn’t even be saving them unless you know you need to.
Conclusion, you can very well hash + salt the IDs, but I don’t personally see the worth in doing that - the time and effort would be better spent securing your DB against unauthorized access and other things, TBH.
Nothing GetPlayerIdentifiers returns, except for the IP Address (debatably), is private. At worst, it could be used to confirm someone connected/played on the leaked server. As such, hashing it doesn’t seem worthwhile.
That said, if you were to, for some ungodly reason, collect additional personal information about someone, and then associate said information with a license ID (i.e. opening the door to doxing), then yes it might make sense… but I can’t think of a single good reason you’d be collecting information like that for a video game.
IP addresses by default are considered Personally Identifiable Information (PII) in most countries with good legal practices in the sphere (EU, US etc), but also most IPs are dynamic and people can use a VPN, so it’s really no biggie. Still, collecting IPs should be done carefully, and not done unless necessary.
This is a beautiful statement. Focus on securing the database first. I’ll take this advice! Thanks bud!
I’m actually going to request players’ home address, selfie, height, and weight, but only if their name is @christopherM hahaha.
No, I’m joking, but you make a good point. I was thinking about adding an authentication method for logging in like password auth at SOOOOME point, and that will DEFINITELY be optional and appropriately hashed and salted…but first steps first!
What about the player-tokens? Aka the hardware identifiers? That could potentially be dangerous right? Like maybe in the hands of targeted attackers?
I know that the point from each of you was:
Ensure you’re hardening access to the database both implicitly and explicitly
Don’t ask for unnecessarily personal identifying information…
BUT in this case, on the surface it seems a bit unessential, but I feel that this could be dangerously used as well… LOL I’ll leave you alone after this! Just wanted to know you gents’ thoughts on this!
From my (limited) understanding of how those tokens are generated, they use the player’s hardware identifiers and some unique value from the server (unsure if from FXServer or the Server Registration Key, I would assume the key). Thus, even if a bad actor got their hands on these tokens, they wouldn’t be able to use those tokens alone to identify someone, or really do anything ‘bad’, as they’d need the server’s ‘unique’ component to make any sense of the values of the tokens.
If you’re storing them in a DB, and the whole DB gets dumped, you’ve got bigger problems anyway.
Keep in mind that you technically always have to have a “privacy policy” (or something similar, even just a disclaimer) when setting up a public server that people can read before actually connecting.
(I know that basically no one does that, but thought I’d bring it up anyways)
Keep players informed on which information is actually saved.
Example list:
FiveM identifier
Discord identifier
license identifier
gameplay data
And give them the ability to contact you to have all their data removed. (GDPR stuff)
Even if the “FiveM” identifier or others are publicly available (e.g. FiveM is public on user profile (if not set to private), Steam is also public etc) - and not explicitly denoted as a PII - they can still be used to potentially identify someone (even if you cannot do that by yourself) as these accounts are often associated with payment details etc.
Very fair point. I think that’s necessary considering we’ll need to use some of this information to identify new and returning players. I’ll do some research on policy and see what I can find!