zlacker

[return to "Steam "Offline" status leaks exact login timestamps (Valve: Won't Fix)"]
1. bigyab+61[view] [source] 2026-01-20 22:52:44
>>xmrcat+(OP)
> Their logic: You have to be friends with the user to receive this packet. Therefore, a "trust relationship" exists.

That logic is acceptable. You could also DM an offline friend a tracking pixel to reconstruct their activity, a lot of this endpoint security is entirely up to the user.

◧◩
2. xmrcat+E1[view] [source] 2026-01-20 22:56:44
>>bigyab+61
True, but a tracking pixel is an active attack that leaves a visible trail. This leak is passive surveillance; I can silently graph the sleep cycles of 200 friends without ever interacting with them. Trust shouldn't imply consent for invisible, automated logging.
◧◩◪
3. werner+l2[view] [source] 2026-01-20 23:00:51
>>xmrcat+E1
But your friends have accepted your request for friendship and your friends are not expecting you to spy on them correct?
◧◩◪◨
4. xmrcat+T2[view] [source] 2026-01-20 23:04:49
>>werner+l2
Exactly. The 'Offline' feature exists specifically to set that boundary, and the backend completely ignores it.
[go to top]