Skip to main content

Frequently asked Questions

Q:  Why is authentication needed for certain endpoint/methods while others are public?

A: Certain features of my API might be sensitive because it allows longitudinal tracking of video game cheat users. We should not forget that behind every tracked account, there is a human which this could be used against. For this reason, i have decided to restrict full database insight in order to avoid large scale tracking operations with a dataset i was partly responsible for.

Our Legacy Endpoint will never require any form of authentication. It serves as a public demonstration. 

Q: How accurate is your data?

A: Our internal backend aggregates various information and attempts correlation by sampling various data sources:

  • the backend of a popular video game cheat provider for Team Fortress 2: LMAOBOX Premium.
  • steam API

While it is possible to forge fake records into this tracker, doing so requires somebody to reverse engineer LMAOBOX enough to understand how it facilitates its cheater coordination service. You also need to be in posession of a valid LMAOBOX Premium license and be able to authenticate against their backend. Furthermore it isn't possible to consume more than one slot within their lobby registration table, because each user only gets a single entry that is then updated on repeated registrations. It might certainly be enough for use as an information asymmetry advantage. Whether its court proof evidence? Totally not! 

When a cheater loads LMAOBOX Premium and opts in for its lobby sharing service, a few things will happen:

  1. Their game client will use WinInet API to send a registration request to lmaobox.net/sl.
  2. It will submit your Steam32-ID encoded in hex-format, your current in-game name, and some other fields i talked about in my blog post.
  3. Now when other cheat users look into their lobby tab and refresh, their game client, in turn will make a request to lmaobox.net/sl/v for retrieving the lobby registration table. This is why their sharing system fundamentally works to begin with. They use the cheat server itself to coordinate.

No comments to display

Back to top