Response to Accusations About Snakey Monster Server
[This page placed online 26 Jun 2024, last updated 06 Jul 2024]
Data as of June, 2024:
| | Official Servers | Snakey Monster | "ANE" (Aylina/
Numerous/Eiriker Server)1 |
|---|
| Name: | slither.io | Snakey Monster | None |
| Running For: | 8 years | 1 year 3 months | 6 Months |
| Registered Copyright? | Yes:
TX0008275025 | Yes:
 | NO |
| Source Code Reviewed?2 | Client | Server | NO |
| Logo: |  |  | NONE |
| Website? | YES | YES | NO |
| Discord? | YES | YES | NO |
| All Worlds Unique?3 | YES | YES | NO |
Identifies Itself
(map/leaderboard)4 | YES | YES | NO |
| Only Sends Official JavaScript?5 | YES | YES | NO |
| Abuses Leaderboards? | NO | NO | YES6 |
Threatened to Leak
Confidential Info? | NO | NO | YES7 |
| Leaked Confidential Info? | NO | NO | YES8 |
| Falsely Accused Someone of Crime? | NO | NO | YES9 |
- 1 The servers appear to be run by Aylina, Eiriker and Numerous, with no name.
- 2 The Snakey Monster server source code was given to several notable people in the community for review.
- 3 The official servers are by default unique. The Snakey Monster worlds include worlds with just botstorm bots
(which did not exist previously), mazes, a battledome, art worlds, etc. The ANE server does have a unique slither version of paper.io.
- 4 Official slither.io server don't need to identify themselves, they were there first. Snakey Monster servers
use the map and/or leaderboard to make sure people aren't fooled into thinking they are official servers.
- 5 The slither.io protocol involves a JavaScript challenge-reponse. The Snakey Monster servers have always sent the exact same one,
which came from the official servers. The ANE server sends JavaScript code that Aylina wrote that runs on the player's browser.
- 6 Before the ANE servers, I only allowed at most 2 of my worlds to be listed in the NTL leaderboards, so as not to "clog" them. As I write this, half of the servers shown for North America are unofficial servers, making it harder for the community to find the official servers they want to play on.
- 7 Aylina agreed to keep the source code confidential, but:
- 8 I gave information to Aylina on the condition it be kept confidential.She shared it with Numerous,
who then (knowing I wanted it confidential) shared it with a group of about 20 moderators.
- 9 Eiriker and then Aylina falsely accused me of having used an exploit to hack into player's computers.
Numerous used his reputation to lend credibility to their "theory". After investigating, moderators disproved it.
Original Response
I'm writing this 5 1/2 days after a false accusation was posted about the Snakey Monster servers, claiming that I used them to hack into clients and steal game codes. Two people accused me of the hacking, with one slither.io discord moderator lending credibility to the accusations, and another moderator directly backing them up. Shortly after the moderators allowed me to respond the next day, they deleted my main response, and let me know I could not post my response. 5 days later, the moderators have not changed their position of falsely accusing me of a crime (hacking into clients is, to the best of my knowledge, a crime), or of not letting me respond.
Since I am not allowed to post about the situation on the slither.io discord, I am forced to post it here.
[See also my post on the slither.io discord moderation issues]
The Accusation
The accusation was that I programmed the the Snakey Monster servers to take advantage of an exploit that could potentially be used by one slither.io client to obtain tag codes and team codes, and that the server was recording this data.
The Exploit
The official slither.io servers send a "challenge" (a/k/a "riddle") to clients that they need to respond to. The official servers send encoded JavaScript that is designed to send a 24-character string when the client runs it.
In June, 2024 someone realized that the one client contains tag codes in addition to team codes, and that JavaScript code could be crafter as the challenge to send those codes to the slither.io server. The client was quickly changed to prevent that possibility.
The Evidence
To support their accusation, they posted a DM I had sent that included "GoldenWings111", which they said was their tag code.
My Response
- I have never used any exploits, period.
- The Snakey Monster server has always sent the exact same challenge, one I took from a game I recorded on September 26, 2022.
- The Snakey Monster server has never logged or recorded the response to the challenge, as it is always the same. It just verifies that it is "OVJOsEjRpcOuhirgshXRPWml" (again, from that game I recorded).
- I was not aware of this exploit until after it was fixed.
- I was not aware that tag codes were stored in the browser until after the accusation.
- The Snakey Monster project is completely transparent, with a website and a public discord (complete with an "Ethics" channel).
- I have given 5 people access to the source code, so while it is not open source, it is not secret either.
- I know that computer hacking is a crime, and I would never risk going to prison over this project.
- I have never shared any tag codes or team codes with anyone
The one thing that I did do was send "Goldenwings111" in a DM, to someone who had asked me to help create the tag in the first place. It was a petty thing that I did, it was out of extreme frustration after actions that they had taken against me, that had caused me a lot of stress and led to me deciding to shut down the Snakey Monster project. But that's not an excuse, sending that DM was unprofessional. But Goldenwings111 was never on the server, nor had it left my desktop until I sent that DM.
The Logged Data
Slither.io is played through webservers (WebSocket using HTTP). The Snakey Monster server, like most webservers, logs each connection.
The server records the time, the world you were playing in, your IP, the protocol version, your snake's name, and your snake's skin data (which also includes tags IDs and cosmetics), your final score, the amount of time you were playing, the number of kills you got, your final game coordinates, and your "index":
The only data logged that is not available to a player that is in sight of you while you are playing is: your IP, the protocol version (between 11 and 14, used to determine what packets your client can accept), and your "index". The index is a number from 0 to the maximum number of snakes that the server can handle, and are reused (e.g. the next time you play, you will probably have a different one).
There is also some debug logging at times, used to track down bugs (e.g. recording your distance from the center if you go out of bounds, for dome games whether you were inside the dome or not when you died).
The server has never logged the challenge response (where data from an exploit would go).
Moderation Problems
I had a dispute with 2 other people, that had been ongoing for about 6 months.
#1: The 48-hour "mute" without warning. June 19, 2024
On this day, out of the blue, one of the 2 people I was in a dispute with posted:
I ignored it until about 6 hours later, when one of the them took an action outside the discord.
The discussion went on for about 2 hours, with at least 2 moderators participating in the discussion (but in a moderator role). I chose to leave the discussion until the next day.
Overnight, I realized something had to happen... and was thinking it might be best to shut down the Snakey Monster project.
I woke up the next morning to this:
Without warning, and after I said I wasn't going to post more for the night, the moderators decided not to allow me to post for 48 hours. They called me the "aggressor", despite the post that started this talking about how things would get "VERY nasty". And no punishment was given to the other parties in the discussion.
#2: Staff/Moderators Join Accusation With No Evidence
Within 2 minutes after the accusation was made, a moderator posted what has become the official position of the discord staff/moderators:
As I post this over 5 days later, despite being told otherwise, the moderators have neither deleted that post, retracted it, nor posted anything to the contrary.
Within 2 minutes of the accusation, and with no evidence at all and without hearing my side of the story, the staff/moderators had decided to treat me as "guilty until proven innocent".
#3: Moderator Bolstering False Accusation
After the first moderator made it clear that he felt that I was using an exploit, another moderator injected himself into the discussion.
Someone was asking for details, and after the accuser was being vague in describing what happened, a moderator added this:
What is interesting here is that the accuser never mentioned what exploit I used... so he was not merely giving details, but joining the accuser by giving out more information that the accuser wanted shared but had not posted yet. Further, NumerOus somehow knew not just that the exploit could result in code execution, but that it could be used to obtain tag codes, which I believe was only known by the accusers at that time.
After the accuser suggested that anyone using my servers should considered their tag/team codes compromised, this same moderator posted "assisting" information (e.g. information that someone would want to see if they felt their codes were compromised, which they were not).
#4: Moderators Do Not Let Me Respond to False Accuation
Shortly after I discovered that false accusations were being made, I let the moderator that had originally muted me know that the accusations were false:
Despite that, I had to wait until the 48-hour mute ended before I was able to post (and since that was done at night, I had to wait until the morning to respond).
#5: Moderators Delete My Response With No Notice
Things are, of course, very heated by this point.
I finally get a chance to respond publicly. There were other false statements, so I started responding to the easier ones, and was then going to respond to the primary accusation.
At 12:16PM, I posted that in about half an hour I would respond to the primary accusation. At some point after that, I finally had my chance to post my response to the allegations.
posted my response at roughly 12:55PM, and by 12:59PM it was without warning or explanation deleted by moderators (I have heard that it was [SN] IO Soldier).
If I had not seen the post get deleted (it disappears if you are in the channel, as I was), I may never have known it was deleted.
I would love to post my response here, but they deleted it before I had a chance to save a copy of it.
#6: Moderatators Decide to Delete Any Posts in My Defense
Shortly after my post was deleted, a moderator let me know that the position of the moderators was that any message I posted about the situation would be deleted unless it contained certain information that I do not have.
#7: Server Owner Takes No Action
The owner of the discord, Semliot, has not participated much recently, and for the most part lets others take care of moderation.
That said, by not taking any actions in the 4+ days since I notified him, he has implicity condoned the action of the moderators (which I detailed to him after he said that it sounded unprofessional).