@blueben
Created July 26, 2022 00:40
Some thoughts on people's concerns about the elimination of mods in VRChat
Hi! I don't work for VRC, I'm just a player. But I do want to address some of the issues relating to the elimination of VRChat client mods brought up in the VRChat feedback system. This is a direct response to this post: https://feedback.vrchat.com/open-beta/p/eac-in-a-social-vr-game-creates-more-problems-than-it-solves
Firstly, I think it's important that people know that you (knah) maintain a large repository of VRC mods. I don't think anyone would consider them malicious, but it is important for folks to be aware of your bias in this matter. Anti-cheat will make a lot of the work you've done obsolete and that has to be a hard pill to swallow.
================================
* Most games that use EAC (or other anti-cheats) still have cheaters. For VRChat, this means that malicious mods will still exist and be used to annoy people in publics.
================================
This is technically correct. It is also irrelevant. Of course there will always be cheaters. The goal isn't to make cheating impossible, the goal is to make cheating *more difficult* and to eliminate easy casual cheating. This is just one (big) step on the path to continuing to improve the game.
================================
* Some of VRChat's problems (avatar ripping, crashing) have nothing to do with client mods. It's exceedingly easy to do both without mods. In fact, wholesome mods are used to prevent crashing and make ripping harder. All EAC does in this case is make people crash more due to lack of protections.
================================
You are again technically correct. These things can be done without mods. But you also miss the bigger picture. Easy access and installation of mods makes these problems worse. It makes the ripping problem *massive*. Folks, have you had an avatar stolen and end up on RipperStore? Guess what? A mod did that. RipperStore provides their users with a mod that loads up with MelonLoader and *automatically rips every avatar it sees* and sends it up to their website, paying the mod user in credits for every ripped avatar.
The RipperStore mod is like a high speed train delivering stolen avatars straight to RipperStore. Eliminating this one mod will do more to prevent ripping than ANY OTHER POSSIBLE CHANGE VRC COULD MAKE TODAY.
Can you still rip without the mod? Yes you can. Is it as easy or simple as installing the mod to do the ripping? No, it is much more difficult and will never be as effective or scalable as the RipperStore mod ever again. (I'll give a little additional technical info on this in another post).
================================
* The blog post once again shifts the blame to mods for account theft. At the same time, VRChat Team soft-endorses OSC software, "as long as you can build it from sources yourself". What do you know, the same applies to most wholesome mods - they're completely open-source and safe. This is a blatant two-faced lie to spin the narrative in your interests.
================================
Aside from the fact that there are malicious mods which steal accounts, this is not entirely wrong, though it's really a criticism of policy rather than technical issues. However, I will take a moment to note that open source does *not* mean perfectly safe. Folks in the software dev profession will recognize the phrase "supply chain attack", a now common attack vector which is not solved by simply being open source (and is sometimes exacerbated by it).
Also going to point out that as a prolific mod creator, your post could also be seen as engaging in some spin. ;)
================================
* Mods causing issues for creators or VRChat Team on game updates? The main source of update breakage is VRChat deliberately obfuscating their code, making mod development harder. As for creator issues, some mods also provide brand new possibilities that VRChat refuses to consider or will consider "soon" (see below).
================================
This is the main source of update breakage for *mods*, not the VRChat client. And unfortunately because users cannot differentiate between the two, support issues land in VRChat's lap. They've mentioned plainly that this is an extremely common occurrence for their support team and I don't see any reason not to believe them. The long and the short of it is, without mods the workload on VRChat's team is lighter and they can focus on other problems.
================================
* VRChat has been historically slow at adding features. You promise mod features "soon" but people can have them now, via mods. It's very likely that "soon" in this case will be either "years", or "never" for more niche features or features that don't align with your team's grand vision. To this day IK2 is far from perfect (people still use you-know-what), avatar favorites are pitifully limited, and most mod features are not even mentioned anywhere, with their canny posts lying forgotten and buried.
================================
You're right. VRC is a company with limited resources, and they can't implement every feature as quickly as everyone would like. And yes, it totally sucks that we can't throw free labor at them to help. But as it stands today (in the socio-economic system we're in) that's the hand we've been dealt. The security needs outweigh the benefits of more open development.
As for the loss of mod features, VRC's announcement specifically says new features (implied as replacements for some of the QoL, etc. mods folks love) will be rolled out over the next few weeks. That's a pretty good timeline and much better than just "soon".
# Your suggestions
================================
* Drop EAC and forget it ever existed. Same for any other anti-cheat.
================================
This is more of a mandate than a suggestion for solving any of the core issues at hand.
================================
* Focus on actual security - not trusting the client, fixing exploits, having serverside checks. It's actual work, but it's also the only thing that has results. Not pretending that an anti-cheat solves anything.
================================
Sadly, security is not something you can just sprinkle on to code to solve all problems. I know VRC is working incredibly hard on security issues that do exist, and have been hiring security engineers. But even with all of the (kinda vague) suggestions you offer, the client still needs some level of protection as the RipperStore mod and others clearly demonstrate.
================================
* Drop obfuscation from most of the code. It didn't stop modding and only caused issues on game updates. Mods for non-obfuscated games break way less on updates. You can keep obfuscation on parts you deem critical to security, like Photon - not that it will stop anyone, but at least it will send a clear signal.
================================
This isn't really a problem for users, but only for modders (even helpful modders like yourself!). As you acknowledge, this suggestion just makes modding easier and doesn't deal with any of the issues.
================================
* Adapt to the reality of people modding the client. Update TOS to distinguish malicious and non-malicious modifications. Normalize talking about mods, so that most issues investigations can be safely started with "do you use any mods? If yes, try without them". You don't have to support mods, obviously, but you'll have way easier time dealing with the fact that people use them.
================================
Ultimately this suggestion is just "do what you do now, but more of it". ToS can't stop malicious mods, and keeping track of the universe of mods out there to figure out which are malicious and which aren't is a massive task which is even more work for VRC to do.
Though a lot of people aren't feeling the love right now, ultimately this update shows that VRChat *does* care about its users and is working hard to protect them. When you run a system like this, it's hard *not* to care about your users. And a big part of caring about your users is not needlessly exposing them to risks.
Right now the unprotected VRC client is too open, and exposes users to too much risk. No number of ToS warnings, popup reminders, finger wagging, or even open sourcing can change that fact. As long as easy modding is possible, and people are trained to use that modding system, there will be folks who abuse that modding system to convince users to install malicious mods.
Finally, I would suggest that if folks want to continue to see the benefits that modding provides, talk to VRChat about implementing a mod whitelist program. If they have the resources to make such a thing a reality, don't expect it any time soon and expect significant restrictions. Supporting officially blessed mods is a big undertaking and VRC is not a massive team.
# Technical mumbo-jumbo
So how does eliminating the RipperStore mod make it so you can never have the massive amount of ripping seen today ever again? Right now avatars are served from assets.vrchat.com, which is served with AWS CloudFront.
Why does this matter? Because CloudFront has multiple methods of implementing access restrictions, which make it very difficult for any single entity (like RipperStore) to download a lot of avatars at once. So how does RipperStore make it work today? By using the client mods as a distributed network of VRC players who look perfectly legitimate to a system like CloudFront (because they are legitimate!) to download avatars for them and upload them to their website. You can think of it as a DDoS, but instead of denial of service each of the clients acts as a downloader for RipperStore.
VRChat can't block this behavior because it's invisible to them. The avatar download is being done by a legitimate, active VRC player. The *only* feasible way to stop this behavior right now is to prevent the modded client from uploading avatars to RipperStore. And to do that you must block mods.
Now, are there other ways to do similar rip systems? Yup! (Am I going to describe them here? Haha, no.) But this is a high speed ripping pipeline that has to be shut down.
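The server-side view of the argument above, as an added example that is not part of the original gist and is not VRChat's or CloudFront's configuration: a per-source sliding-window download counter run over two constructed request logs with the same total volume. The window, threshold, client names and log format are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed rate-limit window
MAX_PER_WINDOW = 20   # assumed per-source download threshold


def flagged_sources(requests, window=WINDOW_SECONDS, limit=MAX_PER_WINDOW):
    """Return sources that exceed `limit` downloads in any sliding window."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, source, _asset in sorted(requests):
        q = recent[source]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while q and q[0] <= ts - window:
            q.popleft()
        if len(q) > limit:
            flagged.add(source)
    return flagged


def build_sample(n_assets, sources, window=WINDOW_SECONDS):
    """Constructed log: n_assets downloads in one window, round-robin by source."""
    step = window / n_assets
    return [(i * step, sources[i % len(sources)], f"avatar-{i:04d}")
            for i in range(n_assets)]


def summarize(requests):
    """Totals the asset host could compute from its own access log."""
    per_source = defaultdict(int)
    for _ts, source, _asset in requests:
        per_source[source] += 1
    return {"total": len(requests),
            "sources": len(per_source),
            "max_per_source": max(per_source.values())}


# Constructed data: 600 downloads from one source vs. the same 600 spread
# over 100 ordinary-looking players (6 each).
SINGLE = build_sample(600, ["bulk-client"])
DISTRIBUTED = build_sample(600, [f"player-{n:03d}" for n in range(100)])

if __name__ == "__main__":
    for name, log in (("single", SINGLE), ("distributed", DISTRIBUTED)):
        print(name, summarize(log), "flagged:", sorted(flagged_sources(log)))
```

The single bulk source trips the limit, while the distributed log carries identical volume with no source anywhere near it, which is why the gist places the control at the client rather than at the asset host.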