Perhaps a more secure and trustworthy structure would be the following:
1. The client sends a report to the server server being played on.
2. The server looks over report to make sure it lines up with its own chat log.
3. The server adds extra information to report, such as a server description, missing chat entries, and a list of the server's own rules and guidelines for extra context.
4. If the report is valid it goes off to Mojang/Microsoft. Otherwise, it warns the client that they made a bad report.
Involving the server in the moderation process would be worlds better than the client alone getting the final say as to the contents of a report, as a client could make up its own messages to incriminate other players' innocent messages without others knowing. If the server has a chance to verify the report, the server has an opportunity to prevent a false report from going through and wasting the moderator's time and potentially false banning someone innocent.
I'm omitting security details such as cryptographic signatures because that is not wheelhouse, but if I had to guess the server should probably send its own signature for the whole report, just like how each chat message has its own individual signature.
Please sign in to leave a comment.
0 Comments