Posts made by Ghost

@Juniper said in Telnet Safety:

bless faraday for having the patience for this

Bless your heart, too

Spaceballs 2 is in development with Josh Gad and Mel Brooks at Amazon, as reported by Variety Magazine. No word yet on the possibility of return actors (including Rick Moranis)

@faraday Mo' tech, mo' money, different problems

@faraday I think this would have been an amazing conversation over coffee, and I apologize. I don't mean for my tone to come across as accusatory as it did. I'll keep an eye on that, especially with you since you're awfully nice.

In my head this was more of a "DUDE...BUT..." type cubicle conversation about tech stuff, but one thing I think we did amazingly here is provide a point/counterpoint.

I am a former MUer with evident trust issues with the globulous "community" who is approaching this from the point of view of "...the bad scenario" and wanting to state out the width of possibilities to get them out there and undernconsideration

You are still prevalent in the community and are approaching this from a "stepping back from that, this is more likely" approach, and are providing a technical counterpoint about where the safety works and why it is better than it used to be (it is!)

I do think one thing is sure, though. Whatever next state the hobby takes will probably include someone either improving the insecure transmission issue through some new client/interface to cover that problem, or improvements to client/web interfaces using TLS to allow for more of the customization that MuClients provide.

And hot-damn, I'm still wondering about Diffie

@faraday said in Telnet Safety:

Absolutely everything in your nightmare scenario can be done if the game is running SSH/HTTPS. You're blaming the technology for a people problem.

Yes and no.

A person with admin-type access has access to connection level information even through HTTPS, and on-server can log/monitor communications, yes. That is correct.

But it is significantly harder for even someone with that admin access to utilize an HTTPS(TLS) connection to further exploit their own users without being detected or perform unwanted session redirects without being detected.

It is a people problem, yes, but to spoof a TLS connection you'd need a forged certificate and the actual public key of the target site. You don't need that with telnet. TLS mitigates a lot of the potential attack vectors, but even with TLS there are issues.

1. A user connected via HTTPS roleplaying with a player connected via telnet potentially exposes things further through the telnet player. The TLS user sends/receives encrypted data, but the same data (pages to telnet player, etc) are then transmitted to the telnet user in cleartext because the sessions are with the host and not P2P or arranged through something like "shared key/insecure network" security provided by Diffie Hellman.

(I'm now wondering if it's possible to implement something like Diffie-Hellman on a MU server....its sure AF old enough, and I now wonder if the Unix-based programming in a MU client could handle the exchange of a shared DH/AES key with the connected telnet user. Might be worth exploring for telnet users, and tls for https users.)

^^^ IF this is possible (being theoretical, here), I recommend including "log text" in the MU to record something like this:

• mask the shared key/IPs sent to the username's session, but keep the date and timestamps to ensure other staff aren't collecting data (The shared private key between host and client can be used to decrypt). ONLY access the non-masked information on a need-to-know basis, locked behind God privileges, and NOT accessible on the same staff logins even the headwiz uses regularly
• if the implementation is stable enough and works, require telnet users to accept the randomized shared key and connect via D-H to play on the game. Everyone is encrypted.
• IF possible (unknown), idle connections are released after being idle (other user disconnected) for an hour, release the DH shared key, and require a new one
• IF possible, include a list of blacklisted usernames and IPs who are to be denied the DH key. Forcing this may actually be the solution to further keeping people off of games.
• may require a client download on the user's side to complete the connection and run parallel to their MU client

(Again, D-H is deprecated as shit and crackable even in this implementation, but it is better than Telnet and further mitigates local router snooping telnet logs, as well as any other session interception reading issues. Im not sure if anyone has tried D-H over MU via telnet before, but if the BBSsystem can handle the handshaking and the client is a free and safe download, this could be the answer.)

2. If the certificate (for Ares I don't know off hand if it's the hosting site's certificates or faraday's, and no one should know where its stored) is exposed through any means, a malicious user can decrypt as desired

3. TLS 1.2 is still vulnerable to Raccoon, large ticket injection, Sloth, CRIME, BREACH, etc, but those require more skill and talent to breach, though MUs are not likely targets for these attacks. I doubt a MUser would go to these lengths.

@reimesu that sucks. I love a LOT of his movies. He's also got a pretty talented kid lol.

I remember an interview (Conan I think) where Donald said that his son has 5 middle names. When asked why, he said "Because I owed a lot of money at the time" or something like that lol

"Kiefer William Frederick Dempsey George Rufus Sutherland"

The real story is that he was named after 5 people his parents adored and admired.

(From the webz)
Kiefer Sutherland's five middle names were mostly chosen to honor multiple important figures in his life, including his mother (Dempsey was her maiden name), paternal grandfather Frederick, and father's close friend George. The reasoning behind Rufus remains a mystery, even to Sutherland himself. Pretty beautiful story and shows a bit of who Donald was

@faraday And that's fine! Please don't mistake my tone as hostile; I'm really not.

The reason why https was made as a standard for websites (and thus web portals like Ares) is the addition of Transport Layer Security (TLS) that simply encrypts the data to keep it private. If it was simply that https was the standard of the service you were using, that's great. At least connecting through the Ares portal it provides some of that.

I don't think that you're an idiot who doesn't care about basic security principles, but I do think that the differences in bias in this conversation have led you to the "the risk is low" stance, whereas mine is "the risk you are focusing on is low, but there are other risks." It's just that "ignoring" the risk should only be recommended if you know the potential totality of damage if it were exploited.

No, a user cannot "take control of your machine" through use of telnet/23, but it is one hell of a sieve that can be exploited to violate your privacy, engineer further attacks (up to and including infiltration), and due to the use of telnet the risk isn't just your local machine, but the local machines of the other users and the MU itself (in terms of data breach).

I've said it before and I'll say it again:

• The #1 issue about leaving your data everywhere is retention. It is simply possible (and has been done many times) that MU owners can collect your data, it is stored on server, angry staffers steal the codebase, and in a lot of these cases there are no real questions asked about what (or if anything) is done with that data once the server is stolen/closed down. When Fallcoast got stolen, people found all kinds of other peoples' data on that yoink. Email addresses, conversations in pages people thought were private, etc. It can all be grabbed, and that -can- include data you don't want unintended people to know (addresses, names, businesses, phone numbers, email addresses, etc)
• "Mal" from Serenity and his goons were notorious for going "dark" and sitting in to watch people's TS, monitor their pages, and in many cases players found themselves getting screwed over for stuff they didn't know other players were watching. Changes to telnet since then: None. Still possible everywhere.
• There is so little active trust in the community that I don't understand why people REFUTE this topic so badly, when it is a technical fact. It is 100% believed there are psychopaths and "bad actors" in the community, and 100% confirmed there are people who like to RP sex with kids in the same community (and some on this forum even refer to it as "age play" - airquotes and yikes), but...what(?)...24.5% belief that any one of those people would exploit the use of the open protocol to get intel on players? Doesn't make sense at all. Why does the trust sudden show up there?

There are people who spend actual time of their lives trying to hide from the likes of SpidJeurgOppWhoever like they're going to swoop in at any moment to ruin their lives and destroy their self-esteem, stating that they're "dangerous" and "probably violent" and other choice words like "sociopath" and "incel" (et cetera; et cetera; et cetera), but then when a guy like me says "you know these psychos can SO easily fuck your lives up with this, right?" That the risk isn't through your roleplay but -- yanno -- them skipping past trying to RP with you to literally stalk you (as a person), completely undetected....and people are like:

"Nah! I ain't Bank of America so it's cool"

I will say this, though, not that I would do anything like this, but if I had threatened in this thread to send details on how to do this to any of those "bad actors" I'd probably get banned and send a lot of people into a state of anxiety, which would prove the point that the risk isn't in the RP being snooped. The risks are quite literally in the vein of:

AN EASY SCENARIO THAT IS 100% POSSIBLE AND REQUIRES NO TALENT TO PULL OFF

• MUing: an open, free hobby shared with an unknown number (but confirmed) stalkers, paedos, etc
• there is a lot of "stranger danger" factor, with unlimited ways to sneak in and infiltrate
• New games are ultimately trusted long enough for at least one connection to "check it out", which would be sufficient to give an insecure/non-VPN ip address to start the process. I figure it would take me a couple of months to cultivate a new "identity" on this forum or the other one, say "I'm Dave from Florida, new to the hobby but a Linux guy, and I'm gonna try to make a game, too!". Maybe go to the other forum and talk shit about Derp or something for 5 minutes until people are like "DUDES THIS NEW DAVE IS FUCKING RAD" (it's not hard to get in with these crowds at all, really. All you have to do is hate the people they hate. I've been in and out of the clique myself a few times back in the day - not to their knowledge"+"). People are generally excited for new play opportunities, and since this isn't a big risk at all, no one needs to really worry about the telnet connection, right?
• Player-Attachments to MU Clients (and the ways you can store sites, macros, etc) almost all use telnet/23, and it is unlikely that people would get rid of those in favor of https without their embedded colored text, spawn windows, etc
• A patient enough person exploiting this could simply gather data (RP, pages, chats) over time, completely unaware to an entire playerbase to datamine information on players, their IP addresses, backtrace those to their geolocation, apply their name/location/kids names/dogs' names/cats' names/spouse names/alma mater and then apply those to social media searches on X/FB/Insta/LinkedIn. At this stage it gets downright creepy.
• They could then utilize those methods to prepare guessed passwords, perform penetration testing for other insecure parts of the users' machine(s), and use that to get additional access on the PC. Regardless of that, the geolocation data is sufficient enough to make physical contact if so desired, with either the desired user or their personal interests (work, family, safety)
• How many MU players (that you really don't know) have YOU received private information about from 3rd parties that includes their jobs (lawyers? We got any lawyers in the house?) their general locations, their names, their sexual preferences, etc. How many players do you know on this forum and through their posts alone how much have you learned about their lives, medical needs, emotional needs, their twitch streams, their online writing and blogs, their extensive posts about their personal lives and what they're going through? Don't want to scare anyone, but I think I've learned more about MUers from 3rd parties than from the actual people themselves, because as the Hog Pit proved, the desire to shame other players with personal information is somewhat higher, and if a socially engineered dogpiling campaign comes your way...well...you know your personal life information is open season.
• ^ If you think THIS is inaccurate, then tell that to everyone a certain MUer shared details of my private life and difficulties with my kiddo to dozens of 3rd parties without my consent as a result of being rejected romantically on a RL level and continues to share a self-edited version to this day.

(Note: The story others get is sans the part about their RL flirtation towards me, the request for space/rejection after a line was crossed with their flirtation in an unsolicited message to my RL cell phone that my partner saw and didnt appreciate, but apparently needed to provide a falsified version of myself and my RL situation to anyone who would listen as an emotional user of people and an emotionally draining "need" sponge. This is ultimately fucked up because I was dressed as an emotional abuser as a result of trying to set reasonable boundaries with someone who was emotionally cheating on their partner, but as a result I was publicly abused by this person out of spite, yet they needed it to be delivered as being my victim).

Ya tell a person you need space (and arent comfortable), they say "don't I get a say in this?" and "I'm always being chosen above other women", and then 10 pages later you find yourself on the bottom end of of accusation of being an abuser and user. Gotta love it when people cross your requested lines and then retaliate when you protect yourself from them, right?

(I digress, but it's entirely bizarre the number of people who do "OPPshit" that want everyone to keep OPP out.)

This kind of shit happens regularly to better people than I. IYKYK, and I know plenty of people have heard this story from one side. Your personal life details are cheap to trade and even easier to corrupt.

And for those of you who got personal information about me from those bs stories? I guarantee the same people are talking about your personal details, too.

• I literally know a few of your real-life names, which is crazy considering I can count of one hand the number of MUers I know who have told me their real-life names personally. A lot of that data just came conversationally and without request.
• IF the PC is breached, everything from logging to DNS cache poisoning to MITM is on the table, provided the talent, time, and willingness of the malicious actor

This is not a fantasy scenario. This is "Red team 101" and probably covered in the first few chapters of the Certified Ethical Hacker certification, but if not in the first few chapters it is definitely in there. People need to consider the actual 10,000 foot view of just what they're giving away to these other players, and need to understand that just because it's a direct page to "Steve" on "New England By Night" (PB Paul Walker or something), that the existence of telnet being used means that when you give "Steve" your phone number, there is absolutely no guarantee that a 3rd party isn't actively collecting that data, and in the MU community it is far more likely to be used in a personally harmful manner than a financial one. Not only is there no guarantee, it is sickeningly easy to do.

Either way, agree with me or not, fuck it, it's y'alls problem, but it is a problem. Good luck out there and please take this seriously, regardless of the counterpoint Fara provided. It's real.

"(+)" - Sidenote: I didn't "infiltrate" the clique, but when you're not declaring who you are it's shockingly easy to get picked up for a scene and then get included in chats about how bad everyone else is. ¯\(ツ)/¯ The fact that it happened multiple times is just...I guess a fringe benefit or somethin. It's hard to tell who other people are, too, when you don't care.

This feels like an argument between:

• Person saying the entire information security world contains useful data that can protect you from threats you didn't know you didn't want to deal with, and attempting to explain to people the width of risk they should be aware of (framed in "community" scenarios)

• Person who currently has an active stake in the hobby literally going against every information security concept in existence to say "it's fine; ignore it, but it was important enough for me to get Ares set with https for a lot of those listed reasons."

Shit, fara, you're the one that put https out there as an option for these games. Why put effort into it if it's no biggie?

Edit:

Or:

@faraday do you prefer to use the https portal access to the games you play, or the telnet MU client, and why?

@faraday I wasn't saying "request Ares handle" as if there was some way they could get through the https authentication with Ares, but merely as live data to tie an actual user to ip address.

@faraday said in Telnet Safety:

I do disagree with the assertion that connecting to a game with a traditional MU client is opening you up to vulnerabilities beyond someone snooping on the traffic between you and the game

Then you would find yourself in opposition to the entire information security industry, OWASP, etc.

In fact, most major companies stress that the biggest security risks are insecure handling of data, access gained through social manipulation, and the many many ways these things open you up for further intrusion. The least technical and educated people are the biggest risks.

Are millions of dollars in transactions (other people's money) at stake? No.

But as much as the community talks about stalkers, psychopaths, liars, manipulators, protofascists, and goes on and on and on about how bad certain people are...perhaps even MUing on games that allow "simulated" (airquote) paedophilia on the very same computer their kids do homework on...one would think that the risk of that outweighs your TS being snooped.

No one would purposefully try to go after this vulnerability for money (at least not in this community as it's free and obviously a draw because it's free), but if someone were so inclined it would probably be done by someone within the community than some random script kiddie in your apartment complex.

I guess people will just have to decide which of our obvious biases will or won't lead them astray!

Edit:

I had a "hold up" moment.

Do people in this community NOT realize just how much of your personal information alone you have archived and shared in the Hog Pit (or this forum alone for multiple years of use, people talking about their lawyer work, their jobs, their kids, how close they were to that thing that happened here in Raleigh?

Anyway, maybe this is just one of those things where the attachment to the hobby outweighs giving a fuck, or maybe your biased position @faraday dismantled the point, but I think it's crazy, crazy how easy it would be to sploit the hell out of people in this hobby in ways that absolutely scare/affect them, and my ability to do it all drops significantly when connecting via https or using a vpn.

And note your peers in this community have prioritized "socially avoiding/attacking people who use vpns because it doesn't allow game staff to try to track players by IP address". THIS is insane, because this is your peers openly admitting to tracking insecure IP addresses of players for a personal/biased reason. At every turn in this hobby, the priorities seem to always be:

1. Keeping the 5 or 6 specific "villain" names that people can remember off of the game for at least 4 concurrent months

Not that there has been really any success in this for well over a two decades, primarily because of...telnet.

I have no clue exactly how else to explain to people how using this protocol is literally the cause of all of their paranoia, inability to keep people out, and opens them up to literally the craziest people in the community, but if people were so inclined to workshop this (and allow me to prove my case) I would not be opposed to working with others to put together an operation to prove my case by using these methods to gather/log/report data on people doing criminal activity on sexMus

@faraday You and I are like a regular good cop/bad cop episode lol. You're right, though. The dangers ARE considerably less on a MU server than foolishly connecting to some rando telnet port you find listed on the dark web.

However, I think it's important to understand the width of what could happen in a very realistic scenario, such as:

• Player A has a Trojan on their machine or other exploited vulnerability that gives the attacker access to their OS
• Player B does not
• WHOEVER has access to Player A's device (could be a Player or something black hat) can snoop the telnet transmission unknowingly to either player.

Any personally identifying information shared in that telnet stream between both unaware players (perhaps even ones that are in a real-life relationship, sending pages to each other about paying bills, or lifelong friends sharing address information) is open game, and neither of the players would have any clue that they'd been snooped on.

I feel like a massive asshole saying this, but the most hated/feared people in the community could easily start up a new game server under a false identity, LITERALLY EVERY PERSON IN THE HOBBY CHECKS IT OUT AT LEAST ONCE (because this happens for almost every new live game. Boom. IP addy.), request your Ares handle in the app process, and then log every 24 hours of content through the listening port to cloud-based storage.

I wouldn't do that, personally, but others who are down with other people's property could. If I were black hat or a stalker, that's exactly what I'd do.

@faraday said in Telnet Safety:

A malicious actor could 100% snoop on your insecure connection, but I fail to see any way that they could manipulate anything on your machine unless there were some kind of underlying exploit in the MU client that they could leverage. Right?

Basically, but I was also operating on the concept that information gained through insecure data transmission could lead to further exploits. Also, Telnet is not only susceptible to snooping, but also MITM/DNS Spoofing*, because telnet makes no attempt to validate the host it is connecting to.

Insecure transmissions are really just risky, so I 100% agree that the ABSOLUTE BEST approach is to do as @faraday says and connect via https at the portal.

Edit: (for those who don't know the slang)

• Man in the Middle (MITM) is where a malicious attacker inserts themselves in between the transmission to intercept data, but is not just limited to snooping. Communications can be modified/redirected. (mitigated by using secure protocols and disabling telnet)

• DNS Spoofing is where DNS records are manipulated to redirect targets to bogus websites , which could lead to further exploits. (mitigated by use of https)

OH AND I JUST REALIZED...

• Telnet transmissions include your IP address used, which makes users susceptible to malicious users backtracking the IP into port scans/penetration tests. Not trying to pile on against telnet, but this is 100% accurate
• also is the fact that your IP address is something always available to game admin, regardless of how much you trust them
• the only workaround for this is really a VPN, which is also 100% recommended to further increase your security and ensure that MU game admin can't use your actual IP for their own purposes without your permission

Waiting on a work call, and building off my prior post I thought I'd share a cool tech tip.

In my other post I mentioned that all telnet transmissions can be logged and reviewed at the router level. Really, having control of the household router can give you godlike levels of power.

So if your kid is using their Playstation at 3am against the rules (or some variation of this problem), do the following:

1. Get the IP address of the device
2. Log into your router as admin
3. Find the connected devices and deny that IP access to send data through the router between bedtime and back from school time

(Note: you can also assign nicknames to devices showing only as IP addresses. It helps to change these devices to names like "Billy's PS5" and "Dad's Cell Phone")

You can turn your kids' computer devices into bricks between whichever hours you please.

I ended up having to do this to my own teen that wasn't getting the point, and since I was the only person with the router password I could control those constraints.

Hey, IT guy here. I've posted in the past about the technical dangers of MU in terms of other topics, but for those not aware, I thought I should write a little blog post.

1. ALL MUs that aren't using SSH are essentially unencrypted

Telnet (created in 69) uses TCP port 23. It sends unencrypted data across the TCP/IP network (internet) containing a clear, readable transmissions of all characters sent/received from the MU.

In 1969, this beast above was the most powerful computing system in the world. It went for a whopping 2.3 million ($23mil+ adj for inflation)and had an awesome memory availability of 982 kilobytes (just under 1Mb). A modern 20 dollar burner cell phone comes with 32GB storage, which is essentially 32000Mb, and 32,000,000 Kb).

That is how fucking old telnet is. It turns 100 in 2069 in 45 years. It predates modern cocaine use.

2. The difference between "data at rest" vs "data in transit"

The difference initially is obvious. Data "in flight" is in transmission and "at rest" is when it is stored, but what does this mean for your firewall/vpn/Etc?

AT REST DATA: All of your firewall/malware/virus protection typically is by device (laptop/cellphone) or handled via software on your router. THIS HELPS KEEP PEOPLE FROM HACKING YOUR MACHINE AND PULLING DATA OFF OF IT. This is data at rest. You have provided a "fort" for your data that is hard to get into.

IN TRANSMISSION your data becomes vulnerable. Like any important piece of mail (like your tax return) you want to mail it knowing that it is safe, won't be intercepted, and won't be acted upon by people the piece of mail isn't addressed to.

In-transmission data is quite simply the most dangerous part about the MU hobby.

3. How can unencrypted data over MU be dangerous?

Telnet protocol is insecure, and if a malicious MUer did or didn't have staff privileges (because the MU is insecure and the data is unencrypted) they could...

• capture/log all transmission data, both personal and roleplay including sensitive personal information
• use the established telnet connection and hacking wares (that are so obsolete that they are easy to obtain and can be used by kids) to manipulate what they can on your machine through the telnet protocol session you initiated on connection.
• Session snooping is simple. At the router level I can block port 23, but I can also log all data transmitted via telnet for my viewing. This puts TS MUers in a serious danger zone if their spouse has any tech skills. It could be done without even touching your laptop.
• If the MU staff or site hosting is not secure from MITM attacks or session snooping, then a malicious user could implement telnet snooping across all users of the mu hosting provider, and the existing use of telnet protocol makes this a constant threat.

So while the data is "in flight", it leaves YOUR network, is out in the open, and is then delivered to an "at rest" state on the MU server, you should keep these things in mind:

• MU hosting and MU staffing is an entirely unpaid, amateur effort
• Most game staff are not IT professionals, and even if they were the only true answer to safety is SSH...which requires additional purchases (certificate authority) and authentication protocols most MUs don't use (or have staff who would know how to implement)
• All data on the server is technically the property of the owner (not the user) with no existing legal recourse if the MU is infiltrated.
• The assumption that your private pages and roleplay is truly private is an absolute farce

(By this I mean...you're RPing or discussing potentially personal things over an INSECURE protocol on an antiquated BBS service owned/ran by a stranger with only "social damage" incurred if they're caught snooping your pages/rp, and at a certain level of privileges other staff would never even know if it was happening to them)

• NEVER give your address, phone, banking, fullname, general location, business information, etc over pages/chat in MU even if you trust the person because THE DANGER ISNT YOUR FRIEND, BUT THE SERVICE/PROTOCOL YOU ARE USING.

So with all this in mind, it's far safer to RP using discord or even Facebook chat windows, because at least those services have encryption, terms of service, data collection standards, and security baked into the format.

Really...anyone who knows this stuff when you don't is a potential malicious actor, and MU players seeking that free entertainment are pretty much at the mercy of the budget/hostingSite/protocol selection of the game-runners. There's no "policy" that fixes this issue, nor does a promise have any value, because the game site and protocol are pretty much wide open.

Now, you may read this and say "ennnnhhh...I doubt BubbaCliqDude or OPPCannotDie (whoever your fave/least fave MUers) have the skill, desire, or talent to fuck around with telnet" Don't think this.

Because literally anyone connected to any MUer, any malware/Trojans they have allow their malicious entity to snoop their telnet session that is using an insecure, open pipe of data from source-to-site (your transmission), then site-to-target (they receive). Both users have approved the connection and Microsoft is more than happy to let that approved connection do whatever it wants unless properly configured. Which...proper configuration in this case would be to disable telnet protocol altogether, which would kill your ability to connect to 99% of MUs

(note: every card payment taking service in the world is banned from having telnet protocol enabled on all windows machines. If telnet on any machines causes a PCI audit rejection, they could be contractually rendered unable to perform any transactions until telnet protocol is disabled across all machines)

THAT is how fucking bad telnet is.

@Ganymede said in A.I. in the Community:

hate watching golf

A lot of my childhood is getting kicked outside (off the tv/Ninetendo) so my dad could watch golf. When I was older, I was kicked off the TV to mow the lawn so my dad could watch golf. Then my dad made me caddy for him a few times.

Now, when my coworkers go to TopGolf I just watch, because I'm so biased against golf now, I won't even swing lol

@faraday said in A.I. in the Community:

I don't think this practice is as widespread as you assert it is. (Though doubtless it does exist.)

Not being on the games anymore, I'm not actually sure how widespread it is or isn't, but thought to ask (since I think it's an interesting topic).

Is there anyone anonymous who uses it under the radar who wants to chime in?

@Misadventure said in A.I. in the Community:

For example, if a ST writes something maybe it's a cue or clue to the potential of the scene. If an AI writes it, it has no intent.

But if the ST generates the content that includes that intent, the end result is the same, right?

I guess I don't see any issues with its use so long as it's an enhancement and not a replacement, though the idea of an Ai player to see how it works sounds cool

@Juniper I get this in concept, yes.

But over the years, the emphasis on actual writing has waned, replacing entire chunks with PBs instead of descriptions, pictures instead of clothing/scene descriptions, and in some cases using the entire personality of the PB as the character itself.

So I guess my argument is: if the emphasis is less on writing and more on titillating your writing partner, then does it really matter where the amateur gets their content from? No one is being paid, and since it's possible that at least one person in the diminishing community is 100% catfish (which I assure you someone is) then...who cares?

I'm sure there's a few people who write 8 paragraph poses who consider themselves an "artiste", but anyone who actually reads books knows that a LOT of this stuff wouldn't qualify as writing outside of the community. Ai might actually improve poses. So...I guess I don't get why people care.

Edit/example:

• I'm playing on an unlicensed Star Wars game using the d20 Saga system...unlicensed and unapproved including miles of copyrighted material in game and on wiki...unlicensed.
• I could be roleplaying with someone who claims to be a 34 year old single white lady, but I'm taking it on faith they're not a bi-curious 16 year old male
• both of our characters are using unlicensed photography and the unapproved use of the likeness of 2 PBs
• The other character us using Melanie Laurent as a PB and their actual character name from Inglorious Basterds "Emmanuelle Mimieux" and roleplaying them like the character in the movie (true story btw)
• Everyone in the community is an amateur, so I go in realize they may not be any good at "writing" so I end up with 8 paragraph poses filled with grammatical errors, run-on sentences, and weird thesaurus choices as the other writer fails to realize that most novels read at a Jr High level and that good text is concise and descriptive.

And then...

• You find out the other person used Ai content and it ruins the entire experience
  ^ this I don't get.

At the risk of sounding snide, this is a waning "writing" hobby using 30+ year old technology that thrives on the use of unlicensed game content and imagery to avoid "necessary yet replacable with pictures" writing, filled entirely with unpaid amateurs who regularly gab about how great their writing is who regularly make fun of bad poses (and after years of bad description shaming moved to images), and the top prize for using Ai to touch up your poses is...others believing you can actually write.

I say fuck it, use it.

A friend (who still plays) and I were talking, and the topic of A.I. (and how the MU community approaches it) came up. I thought it would be an interesting topic to throw down, because as it was explained to me:

• Using AI for poses is considered BAD
• Using AI for art is considered less bad
• It depends on the game, but whether or not users can use AI is now a regularly policy-type thing.

I won't expound, but my general feeling on the topic is "this is all amateur stuff that is beneath that level of accountability", but I'm curious how others feel, or how it has affected games. Do people get scrutinized by other players for being a potential Ai user?

I quit this stuff before GenAi was available, so really, what's the MU community like in a post-AI world?

@Misadventure on the plus side, most of the big services pledge not to take your work without your permission (in terms of art), but means more that the final product isn't their property (but the info on how to recreate it is theirs to keep).

So if you're trying to do something professional, it's not the best choice in terms of privacy, nor artistry.

@faraday Yeah I used DB for lack of a better term for neonates. Your point is 100%. Databases are far easier to index and maintain than these connections, which to a certain degree are on private hosts. In terms of where it falls on "information collection" and how it applies to something like the GDPR, but you've gotta figure over time the GDPR is eventually going to get notices of people trying to be "forgotten" by Ai engines.

But in the US you're kind of screwed. In the US there is no "right to be forgotten", nor a hard requirement that only data necessary to the function is collected. We are kind of an "open collection" nightmare where the US's current approach to data collection is basically "if you give it to them, it's their property"

...and you've also got to figure that after blatant attempts in recent days like "if an actor inserts their image to my Ai engine, I can duplicate their likeness ad infinitum without paying them" and sites like 23&Me literally collecting your DNA as their proprietary data...it's good to know these things just in case.

(* GDPR is the EU's data collection policy "GeneralDataProtectionRegulation" that specifically limits what data can or cannot be gathered, but also is unique as it is the data protection that requires collectors remove your data if you request to be forgotten by their systems. The US has no such policy)