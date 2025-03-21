After a controversial coding slip-up fed stalkers info on their victim's alts, FF14 wipes the slate clean to try and fix its mistakes

published

Better late than never.

Koana, a main character in Final Fantasy 14: Dawntrail, stares thoughtfully at a book in his hands.
(Image credit: Square Enix)

Final Fantasy 14's patch 7.2 is coming soon—which means preliminary patch notes. While these aren't usually of much interest, with much of the meat contained in the game's live letters, one particular note leapt out at me: FF14's making changes to its blacklist.

I wrote a full story on this back in January, but here's the cliffnotes: In the game's latest expansion, Dawntrail, FF14 made some overall solid changes to its otherwise ineffective blacklisting system. One major benefit was the ability to vanish anyone you've blocked out of your game world entirely—whereas previously, if you were being stalked, you were powerless to do so.

However, Square Enix's integration of the feature left a lot to be desired. As modders soon discovered, the change had caused FF14 to beam your account ID, not just your character ID, to other clients. This ID could then be scraped easily, with mods (like the controversial Playerscope) able to snag it—and the way some modders talked about it, it wasn't particularly hard. It should be noted that it was also used by other mods for less nefarious reasons.

Well, as the preliminary patch notes read, Square has taken steps to stop it—and is wiping the slate clean for its account IDs as a hard reset:

"In accordance with measures introduced in Patch 7.2 to help prevent the identification of account IDs that are not displayed in-game, relevant saved client data has been reset. We apologize for any inconvenience caused and ask for your understanding as we introduce these measures."

(Image credit: Square Enix)

While this doesn't reveal what Square Enix has actually done to address the issue (which is fair enough, no reason to give stalkers more info than they need), the fact that the client data's been completely reset seems a sign the company's patched up the vulnerability. Otherwise, why go through the hassle?

It does, as Square notes, result in a couple of things to keep in mind. "Although information registered on the Blacklist has been preserved, characters blacklisted prior to Patch 7.2 will be displayed as '(Character name could not be retrieved)' … To have blacklisted character names display once more, please consider removing relevant characters from the Blacklist and registering them again. We apologize for the inconvenience."

Basically, your blacklist will still work, but blacklisted characters'll no longer have their names present in your list. If Square Enix has fiddled with the account ID system, then this makes sense, because blacklisted player's alts would also be blocked from appearing in your game world. Assuming they were blacklisted by the game via the same system, readjusting account IDs would, well, do that.

The post also reads "players will be unable to blacklist characters that were registered as contacts prior to Patch 7.2 via their Contact List" based on the deletion of mute list data—which seems scary at first, but this just means that you won't be able to blacklist someone via your mute list because, one assumes, the account IDs have been scrubbed or re-generated.

It remains to be seen whether this has actually fixed the issue. It was a pretty glaring vulnerability in the first place, and one that has likely already still done damage. Even if it is fixed, anyone with a mind to stalk someone has likely already grabbed the information needed to do so. Better late than never, I guess—though for others' sake, I'd have preferred if this'd never happened at all.

