This is part of a series describing the history, context, and technical details of the modding we’ve been doing resulting in this big En Masse / NA TERA commotion:

Introduction. What’s all this about?

Part 1: The History – A Timeline. Take a walk down memory lane from 2012 to today.

Part 2: Techno Mumbo Jumbo. The technical details of how and why these mods work.

Part 3: What Can Be Done? ⬅ You’re here!

Conclusion (not yet published). Obligatory closing thoughts.

Feel free to skip around to the parts that interest you.

May 1st, the first scheduled protest day, has come and gone, and EME doesn’t seem to have done much of anything with this subject matter, so it’s time for the last bit.

First we’ll take a look at what has already been done in the past and present to address these issues, then I’ll discuss alternatives.

The Past

In March 2016, BHS did two things to try to kill off meters, and they’re both laughable attempts at best.

Encryption Keys

The first attempt was to update the key generation. As mentioned in the previous post, the client and server need two keys to set up encryption. What I didn’t cover was that these two keys are manipulated to produce the initial encryption state. It’s a little out of the scope of this post to explain in more detail, but Wikipedia is there for anyone wanting to learn more.

There’s one thing that’s particularly relevant to this case, and that’s the circular shift. If you had a 4 digit number, such as 1234, and you wanted to perform a single circular shift left, you would move the “234” left and the “1” would go back around to the end because we want to stay at 4 digits. So 1234 after one circular shift left would turn into 2341.

Likewise, 1234 after one circular shift right would turn into 4123.

Why’s this of particular importance to us? Because BHS’s attempt to thwart meters was to change the shift amount in three of their circular shifts.

That’s… That’s it.

We have entire files dedicated to dealing with BHS’s custom encryption scheme, and all they did to try and shake meters off their trail was change three numbers.

Seriously? Seriously. Really?

Look. It’s bad enough that they made their own cryptography. It’s something that pretty much everyone advises not to do. That’s not too relevant here because the prevailing concern there is that your cryptography won’t be secure and will be very vulnerable to an attacker.

That’s not BHS’s concern here. They’re not trying to stop an attacker that’s trying to hijack TERA connections in a coffee shop. They’re not sending sensitive data where it’s a privacy breach for a player if someone can read it.

They’re only trying to stop things like meters and proxies and “third party tools” from playing with the data.

And that’s fair. Totally a good idea for them to do, because that’s the sort of thing that stalls widespread network data manipulation for years. It clearly hasn’t stopped it, and it’s certainly been around for just as long if you’ve read the first part of the series, but the less accessible you make it, the less you have that sort of stuff running rampant.

Rolling their own crypto is, to me, indicative of another problem: BHS has absolutely no idea what they’re doing.

There’s an algorithm called SHA-1. It’s a hashing algorithm; that means it takes any arbitrary data you want and maps it to some fixed size value. It’s supposed to be as difficult as possible to recover the original data, and as difficult as possible to find two things that have the same hash.

SHA-1 is a very well-known algorithm. That thing that shows you the padlock on secure websites—like this one, or PayPal, or even En Masse’s site? For almost all HTTPS websites up until a few years ago, that was with the help of SHA-1. All the links I’ve been making to specific changes from GitHub? In Git, each set of changes is identified by a SHA-1 hash, so you can link to a specific changeset. Point is, this algorithm is everywhere and there’s too many implementations of it to count on two hands.

And BHS still got it wrong.

Shinra and tera-proxy and everyone else have to include a custom implementation of SHA-1 as part of the overall encryption code because BHS can’t get a ubiquitous algorithm right.

It doesn’t look intentional to me, either. There’s very clearly a set of constants that could’ve been changed in their custom implementation to make it like-SHA1-but-not-actually-SHA1. Those are unchanged. It’s more like they went down the checklist of how to do SHA-1 but then wrapped it up and called it a day without realizing they missed the very last step.

Which more or less describes the actual issue in the SHA-1 implementation, but that’s not a topic for this post.

Here’s my point. They botched SHA-1, and then thought changing three little numbers would be enough to stave off DPS meters.

Reverse engineering that stuff isn’t anywhere close to my skillset, but even I could tell you that you’re gonna need a lot more than that, because that was fixed in practically no time.

Signature Detection

Around the same time as the encryption key change, in other regions that use one of those anti-hack systems, they added a block on Shinra’s “signature”.

Now, I’m not very well-versed in this stuff at all, and I haven’t personally had to deal with this myself nor have I seen first-hand accounts, so I’m really going off speculation on how this detection works.

Antivirus systems have done signature-based detection for a very, very long time. The principle of it is that they know how certain key parts of unwanted programs look (the signature), so when they do scans of whatever’s running on your computer, if they see anything matching a known signature then they can be reasonably certain it’s a bad thing and take whatever action.

Based on what Shinra did, I assume that the anti-hack in whatever TERA region used a similar concept. Again, this is speculation, but here is what I think happens: the anti-hack looks at what programs your system is running, then goes to the .exe and reads it and computes the hash, and if the hash matches anything in its blocked database, it won’t let you launch TERA.

It’s an okay idea, because then it stops users from doing things like just renaming the file to get by checks on program names. But you might have noticed another very simple way to bypass it, and that’s what Shinra did.

They added a useless line to ShinraMeter that they were absolutely sure would be included verbatim in the exe and wouldn’t affect anything else, and then added a program to randomize that specific line. Now everyone’s copy of ShinraMeter could be made unique.

And… that’s it. That’s really it. This section is done.

The Present

Over a full year after BHS’s failed attempts to ward off these network-based mods, the next major incident brings us right up to the present.

On Developers

Three major developers—Bernkastel, Pinkie Pie, and myself—were all banned. Everyone else either changed GitHub names to mask their in game identities, or they never cared in the first place because they play on EU / other regions.

Want to know a common thread among all of them, banned or not?

Nobody stopped developing.

After the ban, Bernkastel released a costume-changing script for free and continues to support it and other scripts. Pinkie Pie? I’m not sure, really. I’m not in their Discord, but I hear there were talks of developing a private server.

(As for me, I’m taking a break. I’m a grad student pursuing an MS in Computer Science, thesis track. Between working on my thesis and writing this series, there’s not much time left for work on proxy stuff. That’s fine; I want to see how this whole thing goes anyway before I make any moves.)

These developers were toeing the line with their identities at stake. When they wake up one day and suddenly find out they’re banned, you’ve taken everything away from them. For EME, there’s nothing left to negotiate with. For a banned developer, there’s nothing left to lose.

What do you think is going to happen when you suddenly snatch away something that someone has been building up for years?

I’ve played TERA for five whole years. On a roleplay server. I can tell you about each and every single one of my characters’ roleplay personalities. I lead a guild that’s existed since May 2012 and that nobody’s even heard about because we’re an insular community that just wants to play the game with each other and have fun without seeking fame and glory. At some point or another, I’ve mained sorc, priest, lancer, archer, zerker, and mystic. There’s a ton of history there.

In fact, if you tallied how much playtime I accrued since the last time I checked and compared it to how long NA TERA has been out, it comes out to about 43%.

If I logged onto TERA every day since May 1, 2012 until the date in that chart, I would have had to be online for 10 hours a day. Every single day.

And that’s only the characters that were on CH.

So when I wake up one day and see an email that says, “Hey, um, we were kind of cool before but today we decided you don’t get to nolife in our game anymore,” it’s kind of hard not to have an initial reaction along the lines of, “Oh, well, I guess I don’t have to be careful with anything anymore.”

In fact, that’s about one of the first things I typed since I found out the news:

o

i got banned

well screw playing nice

i’m listing cheaty shit on the directory now 🤷

In the days leading up to the ban, I did a massive revamp of some stuff and pushed a number of changes to the proxy (around 1,000 lines of code added and 250 removed) in preparation for a solid, real, actual “1.0.0” release to line up with the upcoming major content patch. As part of the big update, I was also in the middle of stepping up the website and documentation as well, which would include a listing of modules that were on the arguably benign side for proxy users. I DM’d a number of module writers on Discord to make sure they were okay with having a specific list of their GitHub modules added to the page.

So when I got the ban, it was like I didn’t have a reason to make it any more difficult for people to find the controversial stuff anymore. Why not list those too? Doesn’t matter if I’m already banned. Automatic mana pots? You’re in. Costume changers? There you go.

Since the ban, I haven’t actually made any changes there, and I still haven’t published the new website either. The documentation isn’t done yet and I don’t want to publish something that’s blatantly unfinished.

Either way, these banned developers were just players that largely wanted to fix flaws in the game that have gone unaddressed for years. We put our names to these fixes, and generally tried not to go too far with our shenanigans. And when bad people roll up, exploit the rewards store and whatever else, and then when we get swept up in the banwave with paltry attempts at communication, there’s not much of a reason for us to play nice anymore. If we wanted to blatantly exploit the game, it would not have been under our own names.

I’m not trying to argue whether or not the ban was justified. Everyone’s already dumped their two cents on why it was good or bad. I’m just here to point out that the ban doesn’t do a whole lot to developers.

For instance, I’ve mentioned it a few times but Alkahest is a project that aims to do the same as tera-proxy, but in a different programming language so it’s much simpler to add a proper UI. The Alkahest developer had the same idea as me with a 1.0.0 release landing on the next big content patch, and we’ve been talking about interoperability so that people can use both tera-proxy and Alkahest at the same time if they want to. And then we talked with ShinraMeter about interoperability with that too, so people can use all three at once with minimal issues.

So. You’ve banned some major developers from NA, one who had a major public community presence for other reasons, and you haven’t actually stopped any of the development. In fact, you went full Streisand effect and now a lot more people are aware of the proxy, which only gives developers more incentive to support their things, now potentially with malicious intent.

Hmm.

On Players

I don’t really need to cover this, do I?

Forum threads are being locked or disappearing altogether, users are being shadowbanned, and others are being straight up forum banned—sometimes for seemingly no reason (update: official reply from Spacecats).

This is a mess.

Reddit learned their lesson and replaced shadowbans with more transparent account suspensions over a year ago. Why is this still a thing?

People want clear and transparent communication and moderation. Anything else and you have them feeling silenced and censored with a company that they feel is growing increasingly out of touch for a game that’s been called “dying” if not “dead” for years.

I don’t even have much to comment on this. So many people already consider it such a massive PR disaster that there’s not really a whole lot else for me to say.

And you know what? The players that did get banned? They all know precisely where they messed up. A meter shown on stream or in screenshots or dumped in chat, or something a little more noticeable like automatically and instantly accepting all broker offers for the listed price.

EME did scare off a few people, I’ll give them that. But everyone else is either continuing as normal, or laying low for this whole fiasco to blow over before going right back to business like usual. For many people, especially the ones that really needed things like skill predictions or can’t get enough of delicious quality of life mods like automatic Vanguard completions, all you’ve done is make them less likely to show their game to anyone. Less screenshots, less streams, and… people still using the mods.

Banned developers. The developers still develop.

Banned some players. Many still play with their mods.

Hmmmm.

In the midst of all these bans being big news, why are people still doing it anyway? Because if you play your cards right, there’s no way for EME to detect these things.

“Undetectable”

That’s a pretty big statement to make, but with a few footnotes, I wholly stand by it.

I’m not trying to advertise this or anything as “our product is great because we engineered ways to get around EME’s detection systems”. The fundamental problem is that it is a cat and mouse game, and for any method BHS or EME takes to thwart these sorts of programs, people will find a way to get around it. It’s only a matter of time and effort.

How can I be so sure? Think about it like this. BHS and EME have only one thing under direct control: the game servers. We can be reasonably certain that they won’t be having anyone breaking in and fiddling with some bits or changing the server code and suddenly they’re cheating. The server is, for most purposes, safe.

However, they cannot fully control your computer. Once you download the game, it’s in your domain, not theirs. You can start up Cheat Engine—hell, go the extra mile and custom build an OS that can run Windows programs with some tools to directly edit memory without detection—and the only thing “stopping” you is the TERA client noticing it and refusing to play nice.

So then you just trick it so that it doesn’t notice. Then they have to find a new way to detect it.

It’s a cat and mouse game where the odds are in the end user’s favor. This is the same reason why offline DRM systems in general are doomed to fail. Someone was able to use it legitimately, so it’s just a matter of figuring out how to reach the same thing illegitimately with every tool at your disposal and absolutely nothing stopping you.

Sometimes, they do a really good job, but those sorts of systems get broken eventually. It’s just a question of how much time and effort people put into breaking it. Just Cause 3 was protected by a system called Denuvo, and so were a number of other games. It took over a full year for a public crack of Just Cause 3, but other games started falling in months, weeks, and then days. Was Denuvo considered a failure? No. They know they can never be uncrackable. All you can do is delay the inevitable, and oftentimes that’s enough.

The only way EME and BHS can properly attack these “third party tools” in this manner is with increasingly aggressive detection tactics that quickly land a company in hot water. Nobody likes things like GameGuard or PunkBuster—not even legitimate users. What about subtly introducing detection mechanisms? If all they do is throw up an error message and prevent the game from launching, people will find a way to get around it and you’ve only stopped the problem for a few hours, or days, or if it’s a real good attempt, maybe weeks.

How about going more aggressive? How about applying a permanent hardware ban instead of just showing an error message? Well, are you ready for false positives and complaints about privacy? The big GUI system I was planning for tera-proxy uses something called Electron. You know what else uses Electron? Discord. Can you imagine if they did a signature scan and got a false positive on Discord, banning everyone that uses Discord on the first day of their stealthy anti-cheat patch? Yikes.

Now, look. Their past attempts did work for a while. TERA.exe uses something called Themida to make reverse engineering harder. The custom encryption system raised the barrier to entry for network reading and modification. They did their job… but not for long.

It’s a technique called security through obscurity. If people can’t figure out how your system works, then surely it’s safe from attacks, right?

That’s pretty much how TERA has been operating for five years. There’s so many glaring security holes that I wish I could disclose, but I’d first love to see if EME would even be open to an attempt at responsible disclosure. It might not matter anyway, seeing as security issues from 2012 are still present today.

So when it’s suddenly easier to see and poke at these problems… well, you’re just plain fucked.

The Proper Response

Again, the only thing under EME’s direct control is their servers. There is never any guarantee that any incoming connection is from a legitimate, vanilla TERA client. It could be modded. It could be a bot simulating the protocol. You never know.

But that’s okay, because the server is the central authority. No matter what any client sends, the server has to verify and approve it.

TERA’s servers do a moderate amount of that already. You cannot cast a skill before its real cooldown is over. You cannot cast a skill faster or slower than what your attack speed and other buffs dictate at the time of casting. You cannot cast a skill if you are under the effects of crowd control abilities. If you try to do any of those illegally (as in, outside of the rules for TERA’s combat system), the server just says, “How about no?” and doesn’t do anything.

On the flip side, you have the common thread with most everything else that everyone universally disagrees on. The things where the server doesn’t properly check client input.

When you try to buy something from the emporium, the server should be checking that you have the credits and that you have the reputation tier to buy it. It’s really not rocket science.

When—not if, but when—someone comes along and finds out that you’re not checking it, you can sure bet it’s going to be a big problem, especially with something so closely linked to real money.

And then the rewards system gets taken down for fixing, and then brought up again a few days later… allegedly with the exploit still possible?

Come on. If you didn’t design it well enough for that to be a relatively simple fix, that system shouldn’t have gone live in the first place.

Anyone who’s ever worked with anything that communicates over the internet can tell you that you never trust the client. In fact, there’s a very neat article written about the topic in the context of MMO games already; Gaffer on Games discusses it in light of a massive cheater problem in The Division. This is such a core part of building any networked system that you’d just be shooting yourself if you don’t follow it.

Want to know one of the many reasons why Arborean Apparel hasn’t gone anywhere? I wasn’t happy with the networking. If you connect to an AA server that others are using, all it sends as identification is your own character ID. Anyone can spoof any character ID and forcibly play dressup with someone else’s character. That’s not cool and that’s not acceptable. I don’t even trust client connections to my own server.

We saw a sort of similar issue already with TeraDPS. Someone found their way to the admin panel and wiped the database clean. There were no solid, proper security measures taken on any sort of administrative actions. The site was, for the most part, trusting the client too much, and for that, it got bitten hard.

When the server is the central authority, it must make sure it verifies everything. Or at least with a reasonable room for error.

Take speedhacking. It’s been around for a very long time. Most people don’t abuse it because it’s obvious when someone is, but let me tell you how the TERA servers handle it.

If you’re within a few meters (somewhere under 10m?) of your last position, the server straight up accepts the new position no matter what.

If you move too far (as in, everything not covered by the above), the server forcibly disconnects you… but then saves the position anyway. When you log back on, you’ll be in the new spot like nothing ever happened.

I don’t even have words for this. It’s been in the game for five whole years and it’s still just as broken as ever.

You don’t even need the proxy for this. Cheat Engine works fine, so it’s not like it’s suddenly become a problem now. People are just noticing it more often because it’s a side effect of abusing improper desync handling in skill predictors.

How to Actually Correct These

I can’t speak too much for the server side. I don’t have their code and I can’t analyze their design and architecture. It may not be trivial for them to fix quickly, and that’s totally fair. In a game as big as TERA, I personally don’t expect anyone to have a fix done in a day, or even a week or month. But five years is pretty inexcusable for a lot of the glaring issues TERA has had since launch.

If your server or service can’t accurately verify things that are critical or exploitable, then you messed up your design and need to fix that. There is no negotiating this. You can’t say, “But the client shouldn’t be doing that anyway.” Someone will find a way. You should never be allowing the possibility in the first place. Like I said, it may not be the easiest to do, but you should be doing it anyway. Safety and security are never guaranteed.

We can, however, definitely talk about clientside approaches, which is another problem that gets overlooked. It’s much easier said than done to fix issues when you also have to account for user experience. People point to the skill predictors all the time and say that if we can do it in a few weeks or months, then surely BHS can do it too.

They’re not necessarily wrong, but they’re missing one critical component. Are our skill predictors in a state that we would release as part of the actual game? I don’t know about Bern and Pinkie, but this is a pretty big “no” from me.

I’m not saying they’re bad. Just that they don’t meet my standards for what I’d expect from a game that has thousands of players on a daily basis. Some people find ways to abuse them, like forcing desyncs. Even getting innocent desyncs never feels good while you’re stuck watching yourself shooting Rapid Fire blanks.

The more you start predicting actions on the client, the bigger chance you have of things getting horribly desynchronized. This is not trivial to fix at all, and I myself would find it fair if BHS can’t fix it properly in a year let alone even bother attempting that sort of stuff after 5 years of being live plus whatever development time before that.

As one of many people who worked on these skill predictors, here is the main issue that we face. There are only two things we can ever do with an attack animation: start one, and end one.

If we had some way to adjust where in a skill animation we’re at while in the middle of it, it might look a little jank, but on the proxy side we could better update things so the player has a better idea of what they’re really doing at the moment, aside from delay due to latency. As it is now, it’s pretty easy to just say, “Well, we messed up and properly recovering is hard if not impossible, so let’s just do whatever.” Which, in my case, is nothing at all.

But what we probably want is a much better, official way to handle it, and that’s something that’s not so easy to answer.

On one side, you can just make the server step its foot down. “This is where I say you are and what you’re doing, no questions.” So the client says, “All right, player, here is where we are and what we’re doing because the server said so. Doesn’t matter what we thought before.” Teleport the player to the new spot and animate whatever they’re supposed to be doing, no matter what.

It’s the easiest solution, but it provides the opposite of a good user experience. No player likes seeing that.

Instead, the client needs to get updates from the server when either side thinks there might be desync, and smoothly animate things to the correct places. If a legitimate client hears from the server that it’s several meters off from where it really is, it should gently nudge the player back to the proper position over the course of half a second or more. For very small discrepancies, it might not even matter, and for the larger ones, it’s less jarring than suddenly teleporting 10 meters to the side.

For clients that are way off? Trying to teleport across the entire zone? The disconnect is fine, but please don’t save the new position. Does this really need to be said? If you want to play nicer and give the benefit of doubt, just throw up a load screen and drop the player back where they really should be.
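Here is that policy as a small server-side sketch, added as an illustration (it is not TERA’s server code or anything from tera-proxy). The names `PlayerState`, `validate_move` and `legacy_check` and every number in it are made up for the example; `legacy_check` models the behaviour described earlier with an assumed 10 m radius, so the two can be compared.

```python
# Added example: server-authoritative movement validation.
# All names and numbers are constructed; none come from TERA.
import math
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ACCEPT = "accept"    # plausible move: adopt the claimed position
    CORRECT = "correct"  # modest overshoot: clamp, send the client the real spot
    REJECT = "reject"    # impossible move: drop the session, keep old position


@dataclass
class PlayerState:
    x: float
    y: float
    last_update: float  # server clock, seconds
    max_speed: float    # m/s, computed by the server from class and buffs


TOLERANCE = 1.25      # assumed slack for latency jitter
CORRECT_LIMIT = 10.0  # assumed: overshoot (m) still handled by a soft correction
MAX_DT = 1.0          # cap on credited time so a silent client can't bank distance
LEGACY_RADIUS = 10.0  # assumed value for the "under 10m?" radius described above


def legacy_check(state, x, y):
    """Model of the behaviour described in the post: distance only, no clock."""
    dist = math.hypot(x - state.x, y - state.y)
    state.x, state.y = x, y  # saved in both branches, which is the flaw
    return Verdict.ACCEPT if dist <= LEGACY_RADIUS else Verdict.REJECT


def validate_move(state, x, y, now):
    """Return (verdict, authoritative_position); mutate state only when safe."""
    dx, dy = x - state.x, y - state.y
    dist = math.hypot(dx, dy)
    if not math.isfinite(dist):  # NaN or infinite coordinates
        return Verdict.REJECT, (state.x, state.y)

    dt = min(max(now - state.last_update, 0.0), MAX_DT)
    budget = state.max_speed * dt * TOLERANCE  # farthest legitimate travel

    if dist <= budget:
        state.x, state.y, state.last_update = x, y, now
        return Verdict.ACCEPT, (x, y)

    if dist - budget <= CORRECT_LIMIT:
        # Move only as far as the budget allows along the claimed direction;
        # the client is expected to ease toward the returned position.
        scale = budget / dist  # dist > budget >= 0 here, so no division by zero
        state.x += dx * scale
        state.y += dy * scale
        state.last_update = now
        return Verdict.CORRECT, (state.x, state.y)

    # Way off: nothing is written, so a reconnect lands on the old position.
    return Verdict.REJECT, (state.x, state.y)


if __name__ == "__main__":
    # Constructed claims: (x, y, server time in seconds)
    player = PlayerState(0.0, 0.0, 0.0, max_speed=6.0)
    for claim in [(3.0, 0.0, 0.5), (12.0, 0.0, 1.0), (500.0, 0.0, 1.5)]:
        verdict, pos = validate_move(player, *claim)
        print(claim, verdict.value, pos)
```

The travel budget is tied to elapsed server time, which is what a fixed acceptance radius lacks: the same short hop that is fine once a second is not fine twenty times a second.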

But the very fact that they have to account for these sorts of issues of not ruining user experience means it’s not so easy to just magically fix these problems either.

Either way, that’s my take on the prediction stuff. I’m not a big game developer. I’ve never had to make a game that does clientside prediction. I’m far from an expert. But as someone who has casually worked on that stuff in my spare time, that’s the approach I’d try taking if I have the resources.

The root of the issues should be clear by now. Can tera-proxy and skill predictors allow people to exploit desync? Yes. Does disallowing their use and banning the developers stop people from exploiting desyncs with or without them? Not even close.

Again, I’m not saying that the proxy and predictors are suddenly okay to use. If you think they’re bad, period, I’m not here to argue that. If you think it’s totally justified to ban me for releasing a tool that more easily allows people to do bad things, I’m not here to argue about that either. The main point I’m making here is that the actions being taken against them are doing nothing to solve the problems being faced.

If people are cheating, then your primary concern should be to fix the exploits.

When you’re in charge of the server, the sole central authority, and you accidentally authorize malicious or illicit actions and then whine that people are doing them instead of actually fixing them, it makes no sense and doesn’t solve anything.

The Community

The server and client code aren’t the only things that need addressing.

The (NA) community is very divided on the topic, and to me, that’s very understandable. What some people consider to be cheating is being conflated with the ambiguity of “third party tools”. There’s a spectrum of what players believe to be acceptable, and you can find at least one person at every level. Here’s a list of pretty much every viewpoint I can think of on every one of these topics to get an idea of just how hard it is to cleanly draw the line.

Note: Every line in this section has an accompanying explanation of how some people feel about it. The phrasing does not mean I personally share or endorse the sentiment.

Game File Modifications

Everything under here is not formally allowed by EME, and discussion of them is not allowed anywhere on official sites.

No edits. You run the game as-is, and any other configuration should not be allowed.

.ini edits. For the most part, these are tweaks that are harmless to the game, but do make it run significantly better for many users. Most people think this is okay.

.gpk edits. We don’t get stuff that other regions get, or sometimes people want to fix glaring issues like awful UI. Let’s patch that right up without directly interfering with normal gameplay. Lots of people do this too, and they are very happy about their Japanese Elin voice packs and Alice in Wonderland dresses et cetera.

Macros

All human input. No macros, period.

Non-combat macros with presence. EME used to say this was acceptable. You can log onto a priest and have a macro that presses your buffs for you, and it’s acceptable as long as you’re actually there at your system watching the game.

Non-combat macros without presence. Is it fair to leave that buffbot on 24/7 and never look at the game? How about if you extend it to things like gathering? Why would gathering be okay when Felicity is essentially the same thing?

In-combat macros. I’m not sure if EME ever explicitly allowed this, but it is an important distinction to make. Now you gain a direct gameplay advantage, like with shield barrage block cancels. Most people have the line here or earlier, believing that these should not be allowed.

DPS Meters

Vanilla. No packet sniffers. If you want to know how well you’re doing, you either figure it out through entirely in-game means, or you just have to live without knowing. Lots of people think that DPS meters make people do awful things.

If you’re not being a jerk. This is how another significant population feels about meters. It’s totally acceptable to want to know, objectively, how you (and others) are performing so you can become a better player. Just don’t rag on people for not being 100% perfect.

Completely fair game. You’re not modifying the client, and everyone has a right to know how everyone is performing, so it’s okay. “If that IMS valk is doing under 100k/s, they deserve to know that they’re trash.”

Proxying / “Injecting”

Vanilla. Once you start being able to directly interfere with the game, it’s a no-go.

Benign quality of life modules. Auto Vanguard, cutscene skipper, chat timestamps, disabling AFK logout timer. These don’t give any direct gameplay advantages, or you were already going to do them with a few clicks or keypresses that are tedium rather than indicative of skill.

Simple quality of life modules. battle-notify allows full customization of alerts for in-game events, like ShinraMeter already does with things like boss enrages or Hurricane applications. Auto Nostrum applies after accepting a rez. Modules for enrage announcements and timers in /n. These sorts of modules do provide a combat advantage to some degree, but these add nothing new to what’s already on the screen, or anyone committed enough could have already run timers or mentally timed it themselves.

Macro-equivalent. You could be macroing your buffbot skills. You could also do it just as well with a proxy module. If the end result is the same, shouldn’t they be treated the same?

Skill predictors. Some people believe that these provide a universal advantage since even a 10 ms player can shave off that 10 ms, and that easily categorizes it as a cheat. Others feel that the 10 ms difference, plus the cost of massive desyncs, is nothing close to a noticeable advantage, while also helping 100+ ms players have fun again.

Clientside changes only. Some believe things like playing dress-up should be fine if nobody else can see it. If people can preview those sorts of changes, they might even be more likely to spend money and buy cosmetics so other people can start seeing it too. More money is good.

Everything else. Unless I’m missing any remaining categories of scripts, the rest fall under what is pretty universally regarded as cheating or exploiting.

Talking to the Community

For every choice in every category listed above, I can guarantee you can find someone who would draw the line there.

There is no easy answer, even more so when it’s so hard to enforce.

The main part where EME messed up is having some of these fly under the radar, turning a blind eye to some of these for five whole years, and all of a sudden overnight attempting to blacklist everything that isn’t the vanilla game—not only that, but denouncing everything else. Any possible reason for using anything more than the vanilla game is automatically and unconditionally irrelevant because it’s against the Terms of Service. Are you an archer with 200 ms ping? Tough luck. Learn and play with an objectively inferior rotation. Maybe reroll another class.

People not only want clear, open, honest, and transparent communication. They also want to be acknowledged for where they came from. Stating that the answer to any “is it okay?” modding question is a hard “No, it’s not.” is a big slap to anyone innocently using .ini mods to get more than 5 fps in dungeons. Saying that “an honest player who appreciates tackling the challenges TERA has to offer” is probably “not a big fan of injection” spits on the players for whom ping reduction modules are the very thing that allows them to appreciate tackling the challenges TERA has to offer because the game grows increasingly unplayable the higher you go from 50 ms—which some people already think is unplayable.

Look. I’m not saying any of these modifications are okay. I’m not trying to say my proxy is fine and I should be free of charges. But right now, the community is probably the most divided it’s ever been, and that seriously needs some addressing.

My take on it? I’m no Community Manager, so I can’t say my approach will even work, but as a player, I have a pretty good idea of what I want.

EME needs to do some research and actually get in touch with its playerbase. They need to realize that, yeah, it actually really super duper sucks to play with high ping so it’s understandable that people would want to try fixing that. It’s still not acceptable, but they get it. Unfortunately, they can’t enforce anything about it very well, so their next course of action is to put their foot down and start being serious about it.

They also need to realize that a significant portion of the hardcore endgame PvE community is aware of, if not already using, this stuff. They get to push the limits. That’s what’s fun for them. DPS meters let them objectively gauge it, and skill predictors make an effort to even the playing field. You can bet these guys are big fans of injection—not necessarily all of it, but at least QoL modules are all the more worth it for people that play for twelve hours a day. Some players, like myself, have spent this much time with the game and been subscribed or had elite for most, if not all, of our time here, only to land tier 4 in a “loyalty” system, so we don’t also need disparaging comments on how your hardcore endgame community just isn’t “honest”.

Then, clearly delineate everything that is and isn’t acceptable, with explanations. No, .ini mods aren’t officially acceptable because we know some users do things like showing hitboxes and we don’t think that’s okay so if we see it in screenshots we will take action, but if we see FoV edits we might leave those be. No, .gpk mods aren’t acceptable because we do not have the licenses for those things you’re importing from Korea and we can’t allow that so if we see it in screenshots or videos we will remove them from our forums. DPS meters are never acceptable, et cetera.

Then address how you plan to approach the issues. If meters are officially gone, will we at least be getting crusade leaderboards back to replace them for the part of the community that does parse runs? If we can’t pretend to play from Chicago, will there be anything done to improve the game in that regard?

I mean, we all know the answer to these questions. No, and no. EME has to politely request that BHS implement any of these changes, and there’s a high chance BHS won’t think it worth their time and effort. (I’d love nothing more than to be proven wrong, though.)

But when all’s said and done, I think that there’s just one thing that everyone would like to hear. It won’t solve all of the problems, and it’ll still probably attract some hate, but it’ll be a significant first step.

The players want to hear that you understand them, and while these modifications are not and never were allowed, you get it. You totally recognize their intentions, but you can’t enforce any of it, and that’s why you unfortunately have to start seriously putting your foot down.

Right now, that’s the best outcome I can hope for.

The End?

Thank you so much for sticking with me through this very long series. I’ve probably written enough that I could actually get it published as a book.

I’m sure a lot of people still have questions, and there are some people making controversial statements about me and my work, so I plan to address as many of those as I can in the final post. If you have anything you’d want me to address there, send me a tumblr ask. The questions will be displayed anonymously, unless you mention in your ask that you really want your name on it.

Answers to those, as well as a summary of these big walls of text, will be covered in the final part: the Conclusion (to be published sometime later this week).

Corrections

May 2, 2017, 4:06 am: Changed “I don’t even trust my own clients.” to “I don’t even trust client connections to my own server.” I think some people are interpreting this to mean that I’ve sold my scripts. That’s a cute interpretation for your narrative, but sadly not the case. I’ve never sold any script, period, and here I distinctly intended it to mean “network client”, or “incoming socket” if you want to get technical.