What does having POESESSID grant to tools?
Does anyone have a clear understanding of what having someone's POESESSID lets a tool do? Old tools like Acquisition and Procurement and new tools like ReForge require it.
PoE's OAuth server warns that this grants "access your basic profile information, including a unique account identifier."
Can they see all your public tabs, regardless of privacy settings? (I assume yes, and I have no concerns about that.)
Can they see all of your private tabs, regardless of privacy settings? (Something I may not want but might be willing to risk.)
Can they see all of your characters, gear, and inventories, regardless of privacy settings? (Something I may not want but might be willing to risk.)
Can they read your messages? (Something that could be used to hijack an account by being able to answer challenge questions that GGG support staff ask.)
Can they see your IRL email address? (privacy issue + account hijack risk)
Can they change your account's associated email address? (obvious account hijack risk)
Can they see your transaction history? (privacy + hijack risk)
Can they see your item filters? (I don't care, but perhaps others do)
Can they see your private PvP information? (I don't care, but perhaps others do)
Context: this concern was recently raised in https://redd.it/hw9op8, and I found this older post warning about sharing the session id https://redd.it/78j0qk. If we share the session id with a tool, we need to not just trust that the tool isn't malicious, but also that the tool won't get compromised by someone who is. If the tools only get read-only access, and especially if it can be limited to parts of your data (e.g. only stash tabs but not message or transaction history), then these concerns might be overblown.
EDIT: I removed wording about OAuth: that part of ReForge seems reasonably safe. The concerning part is that after authenticating with OAuth, ReForge asks for your POESESSID, which grants it full access to the web part of your account, so the rest of the questions are still relevant.
Note: I've only had good experiences in game with those behind ReForge. Clearly they've put a lot of work into their tool, as others have with other tools. But giving them such powerful access as the session ID, especially in a remote service, means not just trusting them but also their ability to properly secure their servers. Writing good applications is hard. Making them secure is even harder.
© Post "What does having POESESSID grant to tools?" for game Path of Exile.