"Minecraft-IDs"? A unique ID you get when installing minecraft.

Discussion in 'Spigot Discussion' started by TaskID, Aug 12, 2020.

  1. Hello Community,

    Currently we have a lot of problems with cheaters and crashers on servers. One thing Mojang could do to (maybe) solve this is introducing Minecraft-IDs.
    These should be an 64 character long ID you get when installing minecraft. You cannot change that manually, so to change it you'd have to reinstall minecraft.
    Now the Idea is, that servers can get these ID's via BungeeCord and Spigot, so I'd be a second ID similar to UUID's, but not bound the account, it'd be bound to the Minecraft Installation.
    So if somebody's cheating and you're banning them, you have the possibility to ban the Minecraft-ID, so the player would have to reinstall Minecraft to connect again.
    It'd solve a lot of problems with bans, because currently you can just change the VPN Server and use another account, and there you go, you're unbanned.

    The issue that comes up with it is that Mojang needs to find a way that this ID can't be changed without reinstalling minecraft, but that servers still can get and check it.

    What do you think of that? Let me know :)
    • Optimistic Optimistic x 1
  2. Hacked client will just send a random one
    • Agree Agree x 4
  3. Yes, that's the problem. They should really be unique and they should not be changeable by any other clients. That's verify difficult to implement.
    But if it would work like that, it'd be amazing, wouldn't it?
  4. What is the point in this suggestion if they can just reinstall Minecraft. That is no different then turning on a VPN or changing your VPN location.

    Players have unique ID's (UUID). The point of the UUID is for this exact reason.
    • Agree Agree x 3
  5. Hmm, but who would reinstall minecraft just to get unbanned, especially for small servers? With a minecraft installtion is so much connected, mods, clients, settings etc. I guess that not so many people would reinstall minecraft ^^

    The even better alternative would be to just be able to ban the HWID (Hardware ID) ^^
  6. As far as I know, if a player wants to get unbanned from ANY server, they would do anything they can.
  7. UUIDs work because they're authenticated. Purely client-provided data can always be trivially forged.

    Edit: I suppose Mojang could provide a unique certificate per installation and servers could verify its authenticity (basically SSL certs where Mojang is the only trusted certificate authority), but realistically, I don't see anything like this happening. Even if Mojang added something like that, who's to say a hacked client couldn't acquire unlimited certificates? Authenticated UUIDs are enough as is, in my opinion.
    #7 Rezz, Aug 12, 2020
    Last edited: Aug 12, 2020
  8. Impossible- even if Mojang implement the certificate system @Rezz spoke about, a client can just go through the certificate issuing procedure itself to generate new IDs
    • Agree Agree x 1
  9. Other games have done something similar to this, they're always switchable.
  10. Machine ID would be a more interesting thing. The problem is that no matter what you do, if you try to identify a client by something that's on their PC they can always spoof it. They can always send you something different.
  11. the only way you can protect this is make your server whitelisted and whitelist paid, the main problem of easy ban bypassing is that there are so many minecraft accounts, if there were less, they couldn't get that many alts, so couldn't bypass

    so you can only protect by limiting the amount of accounts your server can be joined by, as your server likely will have much less possible accounts than overall minecraft