Hi all.
What happened was a breach of trust (I hope - that is the right translation), but you don't like to discuss it, as I read in the 1st post...
(...) This information has never been shared with anyone for any reason outside the developers. Passwords are stored on the Auth server with a special SHA-1 encryption that includes a salting method.
Quite interesting to read. The Auth Server is the site Battletracker.com (=bt), isn't it? It's based on a wbb-board, so the passwords for sure are stored encrypted (there's the possibility since version 2, if I remember right). Homey made you an API to check if the submitted login data is correct and to send you some stats and the bt-number back.
But what about the delivery of my personal data to Assist? That is not encrypted. When I log in to Assist, my bt-name and bt-password are sent in "clear text" to the Assist server. Nice to see only " ******** " in the password field, but the data finally sent is plain text.
(...) I think it's best not to right now because there's not many players. If there were more players that could contribute coding abilities, then the community could work towards making Assist more secure instead of just a couple of us. (...)
I think outside of your "staff team", there are a lot of players who have coding abilities. In my case, I offered my help not only once or twice. I got rejected several times and then I finally lost interest in trying it again.
While you "re-setup" this page, there was a short message like: "Can anyone host the site?" I perhaps could do so but didn't have a way to contact you. I wrote a PM to Johnny on bt, because it was the only name and person I clearly could identify. Perhaps he forwarded it to the rest of the team...
For the future I'd like to have more transparency about what is going on and fewer restrictions. In my eyes it's a stupid thing that modded servers are not tracked, only one account per person is allowed and many more... For sure, if there is a server-mod running which gives 1.000.000 points per kill or something like that, it shouldn't be tracked. But there are a lot of people who like to play with sf-weapons on standard maps (which was / is allowed from the game by forceclassing), so why don't you let them play that way? Also "low gravity" aka. "high jump" is settable by admin, so let them have some fun with it.
Cheating / Hacking in my eyes is a big problem, but there are only a few things we could do against it. Evenbalance stopped PB support and the PB-scripts could only handle known hacks. I play this game for a long time and in my eyes there are a lot of cheaters playing very often. I have no evidence, so I won't call anyone a cheater.
Let me give an example: a person is dying every round and has 1 kill and 10 deaths in 11 rounds. Next round he kills nearly every enemy with one or two bullets and has 30 kills / 11 deaths 5 rounds later, his bullet holes across the map are fitting on a 1-Dollar-Coin, then he is not clean for me, especially if you could watch this a lot of times.
Don't ban those players globally if there is no evidence. Offer us the possibility to ban players by bt-number like PB-Guid before. Give us the possibility to find 2nd accounts, so that he can't join my / our server anymore. If I don't trust him, I'll ban him. In the past "innocent" players tried to contact the admin and apologized or explained. Especially the German community is very small and we know each other. "Guilty" players don't even try, they make a new account or play on other servers to push their frag and get a ******.
Regards
Graf