Tencent infinite law has been questioned to collect user agent information Tencent response: anti plugin

Reprint Moonlight Blog  2019-01-19 10:34:49 Read 411 times Comment 0
Abstract:

Early this morning, micro-blog users Hackl0us questioned Tencent's "infinite law" game. They believed that their privacy strategy contained the "shadowsocks service configuration information that might collect users" behavior, which alleged that excessive collection of user privacy information exceeded the privacy scope that a game should collect. Shadowsocks software is mainly used to surmount the walls of proxy servers. If users are checked for use, they may be subject to administrative penalties. The Tencent has collected information on agency services in privacy policy. Users are worried that these information will be leaked to the relevant departments for prohibition and punishment. At the beginning of this year, the Nanxiong Municipal Public Security Bureau's network supervision team issued 1 administrative penalty decisions, and 30 year old Zhu Yunfeng was in the mobile phone from August 2018 to December.

This morning, micro-blog user Hackl0us questioned. tencent The law of infinity Game It is believed that the privacy policy includes the behavior of "collecting user's shadowsocks service configuration information", which is suspected to overcollect user privacy information, which is beyond the scope of privacy that a game should collect.


Shadowsocks Software It is mainly used for proxy servers to turn over walls. If users are checked for use, they may be subject to administrative penalties. The Tencent has collected information on agency services in the privacy policy. Users are worried that the information will be leaked to the relevant departments for prohibition and punishment. At the beginning of this year, the Nanxiong Municipal Public Security Bureau's Internet Supervision Brigade issued 1 decisions on administrative penalty, and 30 year old Zhu Yunfeng was fined 1000 yuan for installing Internet software on mobile phones from August 2018 to December. The reason for the punishment was "unauthorized establishment and use of illegal channels for international networking".

腾讯《无限法则》被质疑收集用户代理信息 腾讯回应:反外挂 业界动态 第1张

In response, Tencent game official micro-blog issued a response to this challenge, saying that the main way to collect shadowsocks service configuration information is to detect the shadowsocks agent characteristics that are popular on the mobile phone radar in the same game. The test is whether the external server IP is to stop the PC penalty. This is a pre embedded scheme, because the mobile phone radar plug-in does not refer to ROE, so the related functions have not been opened (that is, no data is scanned and collected by users). Tencent will highly respect the wishes of the majority of players. Next, Tencent will remove the embedded scheme and replace it with others. security Strategies should be applied to mobile phone radar to better protect the fair competition experience of all Tencent game products.

腾讯《无限法则》被质疑收集用户代理信息 腾讯回应:反外挂 业界动态 第2张

The following is the full text of Tencent's response:

Explanation of ROE shadowsocks detection function

腾讯《无限法则》被质疑收集用户代理信息 腾讯回应:反外挂 业界动态 第3张

  Tencent game safety center


This morning, micro-blog users @Hackl0us questions the collection of shadowsocks service configuration information of the infinite law game (hereinafter referred to as ROE), thanks to the attention of the majority of players. The Tencent game Safety Center explains as follows:


1. The principle of detection technology:


"Chicken eating game" is very hot, and related plug-ins can get huge profits, and there is an endless stream of plug-in writers. Especially in the traditional perspective function of FPS, new mobile phone radar plug-ins are emerging. The machine only performs interception and forwarding of game data, analyzes the external servers, and displays real-time game location information (including players, vehicles, weapons, supplies, etc.) through mobile app or web pages, and realizes perspective functions. For example, one of the well-known mobile phone radars is implemented through shadowsocks, the proxy server IP provides a proprietary server address for plug-ins; on the cheater's computer, there is only shadowsocks agent, and the use of shadowsocks agents and the connection of plug-in proxy servers are the most direct means to detect similar principles. With "

腾讯《无限法则》被质疑收集用户代理信息 腾讯回应:反外挂 业界动态 第4张

腾讯《无限法则》被质疑收集用户代理信息 腾讯回应:反外挂 业界动态 第5张

So TP security. system It will detect whether the shadowsocks proxy is used on the PC and check whether it is the external server IP to stop the penalty. This is a buried scheme. Because the mobile phone radar plug-in does not refer to ROE, the related functions have not been opened (that is, no data is scanned and collected by users).


Two, why do GDPR privacy clauses have shadowsocks detection instructions?


In order to respect the user's right to know and comply with the privacy disclosure requirements of GDPR, we have truthfully disclosed this method in the privacy clause. However, no detailed technical principles were introduced, which led to the misunderstanding of the majority of players.


Three, follow-up optimization strategy


TP security system, while committed to plug-in confrontation, will also highly respect the wishes of the majority of players. Next, we will remove the embedded scheme and deal with other security policies to deal with mobile phone radar plug-ins, so as to better protect the fair competition experience of all Tencent game products.


This address: Https://wanbk.net/171.html
Reminder: The content of the article is the author's personal view, which does not mean that the moonlight pub agrees or supports the viewpoint.
Copyright notice: This article is a reprinted article. Moonlight Blog The copyright is owned by the original author. Welcome to share this article. Please keep the source.

Comment


Expression

I haven't left a message yet. Do you want to grab the sofa quickly?