Skip to main content

Browse GamesGame JamsUpload GameWinter Sale 2024Developer LogsCommunity
On Sale: GamesAssetsToolsTabletopComics
Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
TagsGame Engines
JackPrograms5 days ago (1 edit) (+1)

I think the point is that the game developers make the infrastructure around it (ie friend lists and lobbys), not itch.

But also, playing “logged in” already somewhat exists on the itch.io app. Where you can authenticate user accounts and that sort of stuff with the api, directly getting account info. Just from loading up an app. I just think This would be super useful in web projects ran on the website, bc that’s where majority of traffic comes from.

It could be like a oauth screen before loading up a game, where the user better understand what’s happening when they login, but also it’s a public website, I don’t understand the point of hiding usernames bc of privacy or anything of that sort.

Third point, about user anonymity, itch.io is a website that contains largely unmoderated (to my knowledge, I don’t really go around making virus and stuff) javascript code execution, you can already get a lot more info such as IP addresses, approximate location and that sort of stuff from users that play your games, hell google analytics tells you a lot of information about your players. I don’t understand the logic that an opt-in user identification system would be so detrimental to site security.

Reply
redonihunter5 days ago
I think the point is that the game developers make the infrastructure around it (ie friend lists and lobbys), not itch.

If they really do this, why do they need the Itch profile for that? They can deal out a login on their own. Itch has no support for a lobby to begin with. Or for friends list. But then again, if your game is big enough for things like that, you probably are hosting it on your own website, where you can easily put some more advertisements for all the freeloaders.

Where you can authenticate user accounts and that sort of stuff

In theory. I have never seen a game that needed that. Are there any popular examples you can name? I did read the faq and know there is an api for that, but actually never saw this done.

but also it’s a public website, I don’t understand the point of hiding usernames bc of privacy or anything of that sort

Itch is a public website in the sense that anyone can access it, if they can access US websites. It is not a public website in the sense that users see other users. Apart from public activity like commenting or having a public collection you do not see any activity at all from other users. None. You also do not see "who is online", like you do see on some message boards.

Once users grasps that concept, suddenly seeing their account names on a leaderboard, just because they clicked away that cookie warning or whatever that nagging screen was, is surprising. This is bad site and information flow desgin, if it were implemented.

They could improve support for web games to do fancy things. But if they do, please with robust api and with strict rules like vetting the developers.

I don’t understand the logic that an opt-in user identification system would be so detrimental to site security.

Life Scammers will find a way. I have literally seen hundreds of hacked accounts on Itch. Itch accounts are a target, as are Discord accounts. Coincidentally, many people name both the same...

An opt in is useless, if people do not understand what that means. Or would you understand that such an opt in means that anyone seeing that leaderboard could just try out passwords with your account name and try to hack your account? You do not even need to be a fake developer and harvest names. Anyone could see them.

Personally, for me it boils down to this: I do not trust amateur developers with this kind of information. There would need to be an ultra robust and fool proof api for that, with no way of exploits and a system to ensure that the dev would not be a scammer. Amateur devs playing around with account names. No, thank you. I would rather not have that.

Reply
JackPrograms5 days ago (2 edits) (+1)

Are there any popular examples you can name?

The reason there are no examples is that the feature isn’t fully implemented. Most traffic doesn’t use the itch.io app for web games, so it would prevent most users from using the feature.

clicked away that cookie warning or whatever that nagging screen was

All the “nagging screen” would need to say is “developers will be able to see and share your username” that’s really it for people to fully understand.

Here’s an idea. (in this case, a non-naggy checkbox that would need to be checked for any data to be sent.)

Probably needs some changes like an always yes/no that can be changed in account settings, and other stuff to fit itch’s design language. But it can be made it a way for the user to understand whats going on.

anyone seeing that leaderboard could just try out passwords with your account name and try to hack your account

First, I’m fairly sure itch.io has rate limiting, you can’t just spam password attempts without raising some red flags (getting your IP banned for some time, or account locked or something), but let’s say they don’t for the sake of example.

If people can just get into accounts with usernames and spamming passwords, why do people comment/post/review/do anything with their username attached?

Like, if I can hack people with just a username & some time, wouldn’t you be putting yourself at risk by replying to any posts?

Also, You can search a long list of users (mostly creators) with the search bar at the top of itch.io? If usernames were really that sensitive, why do you see them everywhere?

But also, it could pass in a display name or unique identifier to web games, instead of a username, avoiding this username/hacking point entirely.

Reply
AboutFAQBlogContact us
Copyright © 2024 itch corp · Directory · Terms · Privacy · Cookies