When reporting a bug, please follow the template provided, otherwise the report will be declined. The information requested is vital to allow us to correctly reproduce and then fix what you are reporting.
Anonymous mode vulnerability
I just had a player call out my exact hours despite the fact I played on anonymous, there seems to be a vulnerability in the anonymous mode system that lets players know exactly who they're facing, and goes as far as to let them view their steam profile.
When they said this, I at first figured they were just a cheater, but they then went on to say there's a bypass, so this seems worth looking into.
Steps to reproduce: Unsure - they were playing on Epic Games but they were premade with a Steam player, so the vulnerability could be on either side.
Platform: PC
Here's screenshots of what happened (also a screenshot of my settings just to confirm that I'm not stupid and didn't just turn 'Hide your Name' on without Anonymous Mode.
(Hid their name just incase)
Comments
-
There is no vulnerabilty. the epic player was using lobby detector which showing the killer they facing include the profil if available.
2 -
That's what I suspected too, only reason I figured this might be a vulnerability is because this was a semi-high profile competitive player - who does in fact stream to a reasonable amount of followers. I submitted a player report as well so it's being looked into there as well, just wanted to make sure that they were aware of it, just incase there is an actual vulnerability.
0 -
are your hours hidden on steam?
0 -
No, but they shouldn't be able to find out my steam name in the first place, that's the whole point of anonymous mode.
0 -
thanks, i asked because i wanted to know if they were able to bypass steam's privacy features as well. sorry that this happened to you, hopefully the devs can come up with a solid fix for this soon.
0 -
Not fixed. I faced 3-4 SWF team today, 1 most likely Epic Gamer (icon) and 2 Steam players, all they were anonymous Aces. Shouldn't they fix/patch this, tbh? They knew my Steam name (I have public profile on Steam, tho) despite I have anonymous mode turned on whole game session.
0 -
I found out later that this person has a lobby loader and was essentially cheating (semi-high level comp player btw). Uses it on stream & displays everyone's MMR, is forced to swap accounts like twice a week but twitch allows it for who knows what reason.
There is a vulnerability, but it's the same vulnerability that causes cheats to be possible, doubt they will be able to truly fix it unless they overhaul a ton of stuff.
1 -
Okay, good to know. Pretty lame people cannot live without stuff like that. Must be tough life.
1 -
That's why I don't even bother with Anon mode. The cheaters find out what they want either way. So let them see my 7k hrs and that I am a Wesker/Jeff and Chris main. I don't care.
0 -
AS Long bhvr dont Put SSL to Epic and Windows Store Version Like Steam. They will Always find your id.
0
