goatcorp / Dalamud

FFXIV plugin framework and API
GNU Affero General Public License v3.0

The built-in RMT filter can be exploited to hide Novice Network kick messages #1855

Open rainyroads opened 1 week ago

rainyroads commented 1 week ago

Dalamud’s current built-in RMT filter can be used to craft Novice Network kick messages that are invisible to users running XIVLauncher with the filters left enabled.

For example, including "bonus code" anywhere in your kick message will make it so that neither the person being kicked (if they are using XIVLauncher), nor anyone else in Novice Network using the launcher can see the kick message.

There may be other potential ways this can be exploited as well.

Someone made a proposal in #187 to remove this feature, as it doesn’t effectively filter the vast majority of RMT spam in its current state, and can cause confusion when innocuous user messages trip the filter.

I think it would be best to either remove this or add it as an optional feature that is disabled by default and that users have to manually toggle on.

Additionally, certain message types, such as Novice Network kick messages, should probably be excluded from filtering entirely.
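
The exclusion suggested in the post above, sketched as an added example (not part of the original post and not Dalamud's own code): hiding is limited to an allowlist of player-chat categories, so a system notice such as a kick message is always shown, and every suppression is written to an audit line. The `ChatKind` values, the `SpamFilter` class and the sample messages are hypothetical; the two patterns are only the phrases quoted in this thread.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Constructed sample messages, not captured game traffic.
var samples = new (ChatKind Kind, string Text)[]
{
    (ChatKind.Shout, "Sell cheap gil, use bonus code 1234"),
    (ChatKind.NoviceNetwork, "anyone sell cheap glamour pieces?"),
    (ChatKind.NoviceNetworkNotice, "You were removed from the Novice Network. Reason: bonus code"),
};
foreach (var (kind, text) in samples)
{
    var verdict = SpamFilter.Evaluate(kind, text, filterEnabled: true, audit: Console.WriteLine);
    Console.WriteLine($"{verdict,-4} [{kind}] {text}");
}

// Hypothetical message categories for this sketch; these are not Dalamud's chat type values.
enum ChatKind { Say, Shout, NoviceNetwork, NoviceNetworkNotice }
enum Verdict { Show, Hide }

static class SpamFilter
{
    // Only the two phrases mentioned in the thread; the real pattern list is not reproduced here.
    static readonly Regex[] Patterns =
    {
        new Regex(@"bonus\s+code", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant),
        new Regex(@"sell\s+cheap", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant),
    };

    // Allowlist: only free-form player chat is ever eligible for hiding.
    // Anything not listed here (system notices such as kick messages) is always shown.
    static readonly HashSet<ChatKind> Filterable = new() { ChatKind.Say, ChatKind.Shout, ChatKind.NoviceNetwork };

    public static Verdict Evaluate(ChatKind kind, string text, bool filterEnabled, Action<string> audit)
    {
        if (!filterEnabled || !Filterable.Contains(kind)) return Verdict.Show;
        var hit = Patterns.FirstOrDefault(p => p.IsMatch(text));
        if (hit is null) return Verdict.Show;
        // Record every suppression so the user can find out why a message vanished.
        audit($"hid {kind} message, matched /{hit}/");
        return Verdict.Hide;
    }
}
```

The second sample is still hidden: the allowlist protects system notices but does nothing about false positives in ordinary chat, which is why the sketch records each suppression instead of dropping the message silently.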

reiichi001 commented 1 week ago

This feature has had a checkbox in Dalamud Settings for quite a while. You can disable it if you want.

It's not an exploit when it's working as designed and intended.

But also, why would someone include RMT terms in their kick message? While you can certainly construct these on purpose, it feels like a stretch to say this is a common occurrence. And if there is RMT spam occurring in the Novice Network channel, then the whole point is to prevent users from seeing it, just like in /say or /shout chat.

While this feature could be adjusted to check if an incoming message is by the currently logged-in player, that's more complex to handle than you probably think it is. Outgoing messages aren't checked at all, as they go to the game server. The game server then sends that to each client, which is when Dalamud processes the incoming message. (Adding an additional check to match the sender name/world and the current player is doable, but does mean it's now adding additional overhead, but more so, a point of failure if something doesn't resolve correctly, which would be a bigger issue.)

rainyroads commented 1 week ago

> But also, why would someone include RMT terms in their kick message? While you can certainly construct these on purpose, it feels like a stretch to say this is a common occurrence. And if there is RMT spam occurring in the Novice Network channel, then the whole point is to prevent users from seeing it, just like in /say or /shout chat.

To deliberately hide the message. Most people who use the launcher don't even know this feature exists. It has a slight abuse potential by allowing you to kick someone while including an "RMT phrase" in the message, so that the kick message is never sent to their client. They essentially won't see who kicked them or likely even know they've been kicked for a while.

It doesn't likely stop them from filing a report, whether they have the kick message or not, and whether they know who kicked them or not, but considering this feature currently serves almost no useful purpose (the regex filters are severely out of date and do not filter the vast majority of RMT messages), it doesn't seem worth keeping this feature in the launcher if it's not actively updated and maintained, while having potential negative uses and inconveniences.

Certain phrases in this filter, like "sell cheap", can be used by normal players and aren't exclusive to RMT bots either. I've seen instances of people's messages getting filtered like this, and the users have absolutely no idea why. They assume it's a game bug and openly mention their messages not appearing, thinking the game itself is filtering it, as again the vast majority of players don't even know this is a feature that exists in the core launcher and is enabled by default.

However, if you don't see this as an actual issue, feel free to close this!

goaaats commented 1 week ago

I'm thinking of finally removing this altogether with DT, and let people that are interested switch to NoSoliciting. Let's track it here.