This category is for Realms and dedicated server feedback. Please send support issues to help.mojang.com, as support posts, bugs, and individual server issues will be removed. Remember that when it comes to "adding more servers" or realm restrictions we are constrained by the rules of the various platforms Minecraft is available on. Thanks!

← Realms and Dedicated Servers
2
Follow

Ability to read Privacy Policy In-Game before Joining Dedicated Server

Java Edition 21w07a secretly added a feature that allows dedicated server owners to "censor" words on chat, books, etc using APIs if configured on the server.properties file. The information sent to the API includes the player's display name and the message to check. There is also a (currently dead?) method that apparently calls the API when a user joins or leaves the server. In this case the username is sent.

There is no indication of the system running (except by typing bad word in a book and using modded clients to check for filtered_pages NBT on the book.) - and even so, the user cannot know who owns the API and how they are processed.

Since it is clear that this feature handles personal data, the user must be given a privacy policy of the API used. (GDPR exists, right?) This should be done before joining the server (must, if the dead code becomes alive again.) The privacy policy can be stored on the server either as a file or as another property of server.properties file. When a user joins the server for the first time, after the connection is established (but before the "join server" API endpoint is called, if it exists) the server sends the privacy policy text which can be read on the confirmation screen on the client.

Avatar
Registered User shared this idea

0 Comments

Please sign in to leave a comment.