Wysteria    Home    Archive    Feed

Chat Reporting Update

Jul 15, 2022

My last blog post was a bit, reactionary. I still hold the same sentiment towards the addition of chat reporting, but I’ve given myself some time to assess the situation. Now, I can better present why these changes are bad for the game and how the implementation of them is flawed.

This story really starts back in October 2020 with the video Java Account Migration: A Fun Announcement by Dinnerbone. The premise of the video was to inform the player base about moving Java players from Mojang and legacy accounts to Microsoft accounts given increased security. Things like Microsoft potentially harvesting user data is outside the scope of this post (“Minecraft snooper settings” if you’re curious), but the transition would also bring two-factor authentication to this decade old game. But that wasn’t the only change, as accounts that migrated would also gain a special migrator cape. The video also addressed how this change would not impact the game in any way, just add account security and give out a free cape.

Trust me, this is a positive move, and nothing you like about Minecraft is going to change

The blog post announcing migration has some slightly different information. While it echos much of what was said in the video (ie: two-factor and all Minecraft games under one account), it also includes a few other details. These new details are: “Improved parental controls to help keep kids safe when playing online”, “Chat and invitation blocking”, and forced migration. At the time, everything seemed as promised. That migration would change nothing about the game play. Except for that addition of chat blocking, but blocking a player from chat on a personal level was only the start of the negative changes.

Migration opened sometime 2021, and for a while you could play the game regardless of your migration status. This was until it was announced voluntary migration was ending. As of March 10, 2022, you need a Microsoft account in order to play Minecraft. Players would see the promised additions, such as capes and two-factor. Player blocking was also introduced in 1.16.4 pre 2 and it seemed as if changes relating to that social interactions were done, but this would turn out to be false.

Things start to get a bit spooky with snapshot 22w17a. This brought forth many fun game play elements and changes, but we’re here for a different change. Multiplayer chat is now signed. What does this mean? Well, it means chat messages have a unique cryptographic signature attached to them. This is done through a pair of private and public keys that are given by Mojang on login. This signature is generated by using the message, your personal private key, a salt, and a few other things to create a unique signature. This signature can then be verified against that information and your public key to verify that you sent the contents of that message. This change was put in place as “the first step in a process to provide more security and player safety features for in-game chat”. However, on the server end, by default having cryptographically signed messages was not needed.

The player base wouldn’t know what the player safety features were until 22w24a. Here we received chat reporting, a feature that used cryptographically signed messages to verify the message and the sender to report bad actors. When reporting, users could select the suspect messages along with a category that fits the report. In the report, a few surrounding messages get sent alongside the contents of the report. Some of the categories to report messages for make sense, but some were poorly received. Minecraft is a game played by all ages, with many different servers that have vastly different audiences. Why does Microsoft get to decide what is acceptable content for servers they do not run and manage? Profanity was a category on the chat report when the average age of a Minecraft player is 24 (source).

The reporting system didn’t have any actual effects until 1.19.1 pre 1 where complete multiplayer bans were released. Reported players can be completely banned from all multiplayer servers. Not just the official Mojang realms, but servers run by third parties as well as local network servers. And these bans can be permanent. Once this was found out there was a massive outrage from the community. Aside from realms, Java servers have always been run and moderated by the community. Server owners and communities have been able to self regulate for years. They have been able to have strict rules on what content is and isn’t allowed. Microsoft is coming in and removing the autonomy the community has had for over a decade. Its simply unacceptable.

Some things have changed since 1.19.1 pre 1. Bans are allegedly manually reviewed, so mass reporting will probably not result in a ban. Chat reporting can only exist on versions above 1.19 (as 1.19 is the earliest stable version with cryptographic signatures), but bans effect all versions of the game. The community has actually created a solution to (somewhat) fight against chat reporting with the No Chat Reports mod. Simply put, it strips the cryptographic signature sent with your message making it impossible to verify you actually sent the message and impossible to be reported. Interestingly, after this mod released, 1.19.1 pre 2 introduced an icon next to chat messages that indicate if messages lack signatures. This same update also made servers force players to send cryptographicly signed messages by default. While this could be a direct response, its probably just a coincidence, probably.

The reporting system still has many holes in it. Until 1.19.1 pre 3, you could create fake messages using a command block and use those to false report players. Players even created a mod to easily abuse the reporting system and create fake conversations. This only works because reports are sent client side, so all information is sent from the client. This means the client decides on what messages to send, the only verification needed is the cryptographic signature. This means malicious players can insert messages that have never reached the server in order to modify the conversation. I believe 1.19.1 pre 4 fixes this, but this still serves to demonstrate how easily this system can be abused.

This change undermines the years of trust built between Mojang and its players. Mojang is 100% within their rights to do this, but I fear the consequences of their actions. I’ve hosted a server for a little over three years now, so seeing these changes is discouraging. Microsoft has forced negative changes upon the game. The future of the game no long lies in the hands of the community that built it up. If you’re interested in some further reading, check out this blog post for a deep dive on the report system and the developer of the No Chat Reports mod for a community against the chat reporting change.

At least profanity was removed from the list of chat report categories.