Forum

Open Bridge first then connect to the server. If there's an error, it will display then. Kind of a bug in the AA GUI.

If someone is smart enough to snoop network traffic of someone, replicate it and play it back to Assist, they should probably be spending time going after something worthwhile, not a free America's Army account that only gives you access to play the game...

wtf regarding doing business. your business should ve been done sometime around 2006. when the game was in its peak. and how da fak have you been forced to suspend everything..please, do explain!
if that is truth then something should be decentralized..i bet there are companies out there that can provide better service then yours "lowpingservers".somebody really faked up that johnnyM dude since he left for good.that someone should be labeled by the community and expelled forever.

LowPingServers hosts AAO25.com and 3 game servers. That's it. LPS didn't host Auth, Auth was shut down by Jonny, as explained many times before.


Let's move on shall we?

Quite interesting to read. The Auth Server is the site Battletracker.com (=bt), isn't it? It's based on a wbb-board, so the passwords for sure are stored crypted (there's the possibility since version 2, if I remember right). Homey made you an API to check, if the submitted login data is correct and to send you some stats and the bt-number back.

Battletracker is just a place where accounts are stored. We have a VPS server that runs everything else (controls authentication, server querying, server list, banlist, and more).

But what about the delivery of my personal data to assist? That is not crypted. When I login in Assist with my bt-name and bt-password are send in "clear text" to assist-server. Nice to see only " ******** " in passwordfield, but the data finally send is plane text.

It's not sent in clear text. There is a special hashing method inside Assist that hashes the passwords with salt before they're sent to Assist/Battletracker.

I think outside of your "staff team", there are a lot of players who have coding abilitys. In my case, I offered my help not ony once or twice. I got rejected several times and than I finally lost the interest on trying it again.

While you "re-setup" this page, there was a short massage like: "Can anyone host the site?" I perhaps could do so but didn't have a way to contact you. I wrote a pn to Johnny on bt, because it was the only name and person I clearly could identify. Perhaps he forwarded it to the rest of the team...

I have heard of you offering help in the past but not this last time. In any event, some things are kind of disorganized on our end. One of which is the offers of help we receive. Some are discussed briefly and then ignored or are outright ignored in the first place. This is not good. I've created a new thread in the admin area with a list of people who have offered to help, what they're good with and a way to contact them. This list will be used any time we need anything. Any offers of help from here on out will not be in vain.

For the future I'd like to have more transparency about what is going on and less restrictions. In my eyes it's a stupid thing, that modded servers are not tracked, only one account per person is allowed and many more... For sure, if there is a server-mod running, which gives 1.000.000 points per kill or something like that, it shouldn'n be tracked. But there are a lot of people who like to play with sf-weapons on standard maps (which was / is allowed from the game by forceclassing), so why you don't let them play that way? Also "low gravity" aka. "high jump" is settable by admin, so let them have some fun with it.

For the transparency, we will have a TOS that outlines what Assist is and what it does on your computer. As for mods, I don't think we'll track them again. We didn't remove them from the game, people are welcome to play. From this standpoint, we've accepted them MORE than the AA devs have. SF weapons can still be done by forceclassing as long as it's not abused/done every round. It's been explained many times that this disrupts classic gameplay. This project is about keeping the core gameplay alive, true to what the original developers wanted.

Don't ban those players globally if there is no evidence.

It's been a long time since we've banned without evidence. There's plenty of players reported but honestly, everybody that's been banned has been banned with proof.

That's what she said?

Only if it's the back door...

We're all excited AAO25 is back but let's try to keep this on topic guys

I think your all CIA!!! 

I added that in just for you Rapture told me about it. I had a good laugh.

I just want to say a few things to everybody coming back. First and foremost, no more discussion of the last Assist version. It's been talked to death on here, Battletracker and the official AA forums. AAO25.com was not re-opened to discuss what happened, it was re-opened to discuss the future of this game for those that wish to continue playing it.

With that said, I want to dispel any conspiracy theories and give you some hard information on what's going on:
- None of the other developers, including myself, work for any governmental agency.
- The only personal data ever used/harvested by Assist is the username, email address and password that you choose to enter into the program and/or into Battletracker. This information has never been shared with anyone for any reason outside the developers. Passwords are stored on the Auth server with a special SHA-1 encryption that includes a salting method.
- Assist was not shut down to "hide evidence". It was shut down to avoid abuse of the system and to prevent any  non-relevant personal user data from being harvested.
- It's taken so long to bring back AAO25 and Assist because we have been discussing the best way to bring it back in a way that regains trust and ensures confidence in our users. Without you, our work is pointless. We didn't want to simply go back on the last update and let things go back to normal. We are fundamentally changing various features in Assist as well as introducing a TOS agreement that tells you, the user, what Assist is and what it does.
- Jonny has retired completely from the project. We all appreciate the work he's put into this program over the last 5+ years and he will be missed. He wished for me to post a public statement  when this site came back online:

The latest version of assist (7.47) included a new anti-cheat feature that allowed us to search peoples computers for cheats or hacks, This was done via an authenticated connection to the authorisation server. When you downloaded 2.5Assist from our site it was on the understanding that it was an installation and management client for AA2.5, I believe that this gave us a mandate to access and modify files on your computer that are directly related to AA2.5 and extended this definition to include cheats/hacks that are specifically designed for use with AA2.5
Unfortunately this new anti-cheat feature was rushed and not properly thought through and contained serious security flaws that meant it could have potentially been used to access files that were not directly related to AA2.5. I am not a professional software developer and only do this as a hobby for free, as such I have no qualifications for this type of work and was bound to make a serious mistake like this sooner or later.
I want to assure the whole Assist community that this latest feature was only live for less than a week and was only ever used on a very small group of know cheaters, Where it was used I am 100% certain that no files that were not related to AA2.5 were accessed and I am 100% certain that no personal information or data or anything else not relating to assist has been compromised.
I soon as I came to realised what a security/privacy threat this could have become I acted immediately to shutdown the system to prevent it being abused and removed the authorisation server making it impossible for this feature to be used again by anybody.
There has been talk of Trojans, spyware and backdoors being used but this is not the case, This was simply a function built into the assist client that could only be accessed via an authenticated connection to the Assist authorisation server. With the auth server now gone this security flaw is now completely removed and unusable to I can assure all of you are perfectly safe now.
When our server hosting company found out about this they did not want to have anything to do with us anymore so the AAO25.com forum was taken down, Some of the admin team are now working to get the site back up so they can discuss a way forward with the community.
I however will no longer be involved in this project, I have made a mistake and have lost the trust of the community, I no longer trust myself to develop software and will not being working on anymore projects in the future.
Some of the other admins have expressed an interest in removing said features from assist and continuing the project but that is up to them and community to decide.