VPNs are unhealthy.
Comments
Yet is that the only aspect that is compromised in this secure breach? Once again not disputing that solely an IP cannot be used to achieve this.
Everyone is so convinced it is just the IP address? What is this assumption based on?
0 -
That’s not that easy (just reboot).
Nope, you need to use a VPN, change a heck of a value on your internet, or call your internet givers.
And dude, IP, it’s literally the location of your internet box in data … Just test on a find-my-IP-location website.
0 -
Okay, this is simple … lag affects survivor and killer both.
End of debate, here we go.
0 -
That was what I was implying. People have most likely fixated on the IP because DDoS and doxx'ing sound similar and they were used in the same tweet.
It would be very concerning if BHVR's security was breached in such a way that allowed hackers to access client-side information. I also find it very unlikely that BHVR screwed up that badly. It seems more likely that someone's lax internet safety caused it than a multi-million dollar corporation screwing up, but we don't know, so I won't point fingers.
1 -
As far as I know, China doesn't have their server and officially banned DBD, so if this applies they can't play this game.
I'm OK cause I'm not Chinese lol
0 -
People are fixated on the aspect that easily translates into grievances. Extracting other data and actually using it is far more labor intensive in comparison. Swatting random people isn't a thing that happens in practice, as the ability to pick a random address isn't difficult. DDOS are way more prominent.
Multi million dollar companies screw up on a regular basis. Acting like it is some unlikely scenario is naive, as showcased by the issue here. Our IPs are up for grabs even though we have dedicated servers, already indicates that more information is accessible by others in the lobby than would be required. Assuming it is limited to a single parameter is unfounded and unrealistic as information is rarely that isolated.
Should one be really that concerned about being swatted, is a totally different question. Generally speaking no you don't in my view, but if you are considering that an actual threat... there are grounds for caution. If you are in the public eye should you be more vigilant most definitely.
From an IT security perspective this issue isn't a huge breach, but assuming that it is solely your IP is wishful thinking at best.
0 -
I don't think there has been probable cause to assume it is more than your IP.
Your IP is not a client-side thing, it is transmitted to BHVR's servers. There is no precedent over the hackers being able to do anything with that other than hit you off.
1 -
I have not undermined anyone's experience at all. The factors which led to someone finding that streamer's address are irrelevant to the experience they had as a result. I do know that an IP leak has no correlation to that person being "swatted". I do not know why you're having so much trouble understanding this and this is the last time I'm going to tell you: it is not possible to have someone "swatted" because you know their IP address. That is the topic of discussion, that is the data which was leaked and led to that streamer being DDoS'd, that is what everyone is assuming led to the streamer being "swatted" and that is why people are advising others to use a VPN - incidentally, if personal information other than your IP address was involved in the leak then using a VPN would not hide that information, using a VPN would make no difference.
I've handled the security of networks and companies with far larger infrastructures than BHVR has. I'm not one to gloat about my accomplishments, but, I would consider myself to be incredibly competent in this field and I've had a pretty successful 20+ years without a single unhappy employer, so much so that it's allowed me to pretty much retire at a relatively young age.
I haven't attempted to guarantee anyone's safety. I haven't claimed to "care about a majority of people". If my comments put one person at ease, then they're worth posting. If everybody reading my comments completely ignores them, then that's their choice and I'm fine with that too. I'm not emotionally invested in this incident in any way. I haven't claimed that everyone is safe either. Nobody is ever 100% safe online. Please stop trying to tell me I've said things which I haven't said.
You are still not actually adding anything valid to this discussion other than an empty argument. You do nothing but throw around baseless ifs and buts. People are overly worried about this incident as it is and all you are doing here is fuelling that paranoia, please just stop. No matter what rational reply I give to all of your queries and comments, your next comment completely ignores the vast majority of my responses as you go off on another rant about something else.
This discussion has gone around in circles long enough and I genuinely think that you just like arguing with people for a petty game of one-upmanship. Your ego has no place in this discussion.
1 -
I've already addressed these things in previous comments. Your IP address is not the "location of your internet box".
2 -
My ego has nothing to do with it, I am not the one bringing up my experiences. You claim I am arguing against something I have flat out agreed with multiple times. An IP alone isn't enough to swat someone. What exactly else should I state about it?
Your solution is also not always accurate and based on ISP protocols, which I also pointed out. While a VPN does solve it always.
I questioned your downplaying that the factors in play for a swat were only external. While it is totally reasonable to question what other information is at risk.
This is about the whole thing not just your single narrative.
0 -
Ridiculous. If you weren't ignorantly claiming that I do not know what I'm talking about and stating that I'm "acting" like an expert in this field, despite not knowing a thing about me, then I wouldn't have mentioned my "experiences". It's not as though I barged onto this thread flashing my credentials and demanding that everyone heed my every word. If you're going to question my knowledge on a topic and claim that I don't know what I'm talking about, then I'm going to respond and tell you that you're wrong.
Again, I never once claimed that my solution is 100% effective. I do not understand why you keep repeating this. Additionally, if there genuinely was a breach which leaked personally identifiable information or anything else other than basic connection information, such as your IP address, then no, a VPN would not solve anything. A VPN would be useless in that scenario as it wouldn't protect your privacy/information at all, it would only protect your actual IP address. So, your solution to a problem which you've made up, despite there not being a single shred of evidence to remotely suggest that anything else has been leaked, wouldn't be a valid solution regardless.
You can argue your "what ifs" until you're blue in the face, it doesn't add any credibility to them.
0 -
You complain about people's egos yet really like talking down to others. I agreed on parts of it yet you are so focused on this being solely limited to IPs, based on what!
The fact is that not playing is the advice to those truly concerned about swatting. VPN is the best solution to avoid DDOS attacks. Each individual should make that choice themselves.
Your entire argument against it being even remotely related to the security concern is a what if. It is purely based on external factors? Or is it just extracted directly from BHVR? You are making an assumption that the leak is confined to just our IP, while trying to downplay any other option for the swat than an individual's social media handling.
Have you even read their policy on what they actually store, have a link:
Nobody here knows the extent of the information that can be extracted, it is quite safe to assume at least one of our identifiers in there, which ones? Their internal one only, which would be totally fine or is there more?
Unless BHVR informs us of the situation, you can assume any information on their end could be a part of it. The fact that the information was not encrypted, means there is a liability.
0 -
I haven't talked down to you. If you feel that way then that's unfortunate, but, it certainly hasn't been my intention.
I'm focused on IP addresses because the facts and evidence presented thus far indicate that this is the only thing which has been leaked. Facts and evidence are important, anything else is pure speculation on your part without any factual basis at all.
Yes, I've read their privacy policy. I'm one of the few people who reads them. BHVR cannot store information you aren't giving to them. The only personally identifiable information which could possibly be extrapolated from BHVR's servers, linked to your DBD account and therefore be part of this leak would be log in details for cross-progression accounts created on BHVR.com. This would be accounts such as Facebook or Google and this would consist of names, profile pictures and email addresses - if this were the case, it would be a much bigger issue than it currently is and would have far more serious ramifications for BHVR. If a user has never registered on BHVR.com using those social networks then BHVR does not have any real personally identifiable information for that user. They will only have things like your IP address, OS, screen resolution etc. No evidence points to the former being the case and I don't see why BHVR would transmit this data in the first place in order for it to be intercepted during a game. It's pretty safe therefore to conclude that this has not happened.
Your "internal identifier" in regards to BHVR, is your "Cloud ID", nothing more. Section 3 consists of information you optionally submit via various avenues such as newsletter subscriptions, surveys, submissions to this forum etc. and/or device information and wouldn't be linked to your DBD account, so these things couldn't be leaked in the same breach.
1 -
My FED senses are tingling.
0 -
Fed?
0 -
The focus on IP is fine and understandable, the facts matter. The only issue I have is how easily you downplay the potential information that could be in there and just scuffing it up to external factors.
When I read aspects like using the device setting location rather than just one's IP, I do wish that BHVR would be more transparent on what is actually being intercepted and what is included. Those types of fields could potentially be extremely accurate based on how it was set up. Are those types of collected data used for matchmaking? If it is just an internal ID and IP address with its general location, there isn't much to worry about. Yet companies have made odd decisions based on trying to make a better service.
To be clear, I don't believe enough information is going to be included for all out ID theft or anything. To extrapolate a location or a starting point for an external search, maybe.
0 -
Fed, agent of the State. In context, to an American it would be the FBI.
0 -
Ohhh that’s what you mean
0 -
Yeah, that’s right, sorry, my English is bad …
To be simple … this is the «localisation» of your network
0 -
Explain
0 -
I'm really not trying to downplay anything, I'm just aware that BHVR do not really hold any personally identifiable information that could potentially be leaked and lead back to a person's address other than by the method I mentioned in my previous reply, which is incredibly unlikely to have happened and would only affect users who have enabled cross-progression, if it had happened.
People on here, on Steam, on every discussion I've seen regarding this issue are recommending that others use a VPN to be safe, with some going so far as to pay for subscriptions to VPN providers. Some of those I've seen recommended and purchased by players shouldn't be trusted at all and are far more problematic privacy wise than a stranger on the internet knowing your IP address as some collect, share and sell far more to third parties. Not only is it unnecessary for most people if the leak only contains your IP address, but it wouldn't help if the leak included more than that - so either way, a VPN is largely unnecessary for the vast majority of users. I would advise popular streamers to use a VPN to help mitigate any DDoS issues, at least until this all blows over and maybe anyone else who has been DDoS'd, but not the average player. If someone is intent on paying for a VPN, I would recommend they use Mullvad, IVPN, or ProtonVPN. If someone doesn't wish to pay, I'd recommend Windscribe's free version with its 15GB limit and make the most of the 200-300 hours worth of bandwidth it would provide per month if routing only DBD's traffic through the VPN using split tunnelling.
Generally the best way to understand how a criminal operates is to behave and think like one, this becomes easier if you have an understanding of the nature of the crimes they're committing. I've worked with a lot of ex-criminals who used to do this kind of thing and now work for security companies to prevent it. Knowing what I know, if I wanted to "swat" a streamer, the first thing I would do is visit their stream, then I'd check their social media links, I'd look up each of their usernames using various different search engines. I'd examine their posts, connections, "likes", conversations, images etc., for any information that could indicate their location. Searching for a possible breach in a game they play would be pretty low on my list. People generally don't just plaster their address on social networks of course, but it can often only take a few pieces of information carelessly posted by a person who doesn't realise that these pieces of information when put together, can potentially be harmful to them.
When I first had this discussion with another person, I did just that and found out everything about the streamer who was swatted within 10 minutes - and this was after they'd already been swatted, so they seemingly haven't learned from their experience. It's a pretty reasonable presumption that whoever was DDoS'ing that streamer was watching them on Twitch as they did it. So Twitch was my first go to, from there I found everything, so it's also, in my opinion, reasonable to think that whoever was DDoS'ing that streamer, did the same thing. Since only one person has been confirmed to have been swatted, I would also assume that the other drag queens in that group who stream and were also DDoS'd but not swatted, weren't as easy to locate as the one who was swatted. Admittedly, I haven't looked any of them up so I can't confirm this.
Granted, I have no actual evidence of this, but this is how I would have done it and to me, it's the method which makes the most sense. It's quick, it's easy and it doesn't require that you do anything illegal in order to obtain the information you want. You simply rely on the carelessness of others and information which is already public.
I have location services turned off on my devices and I don't really wish to turn it on to test it, but, I think that "device location" may be in reference to the mobile version of DBD, rather than the PC version. Windows users should have a notification in the bottom right corner of their screen when DBD is running if it is using your PC's location. Again, this is not something I've tried to verify so I could well be wrong here, but, generally geolocation is sufficient for things like matchmaking. If BHVR's servers are configured to use device location for matchmaking then using a VPN to connect to servers outside of your region shouldn't really work, but we know that it does. On my Windows PC, at least, DBD has never attempted to use my device location.
1 -
I don't mean to be rude, but, I really don't want to go through all of this again and I feel as though the language barrier would prevent me from doing so.
Your IP address does not show your location.
0 -
I mean DBD overall is just unhealthy.
0 -
Really :U ?
0
