Hive Players Can Be Stalked Using Hive's API

Idea: Re-add toggle in /settings to turn off API Access to your player stats/data
Hive used to have a toggle related to API Access, I no longer see it. And the “Share Activity Publicly” toggle does not stop people from using the API to lookup your player stats.

How Players Are Being Stalked:
A bad actor requests a players stats for specific games, they compare the data sent for changes with each new request sent. Once a specific data set shows a change in data, the bad actor will be able to snipe the player they are stalking. This is really weird behavior and should be fought against. Please do something about it.

Corruptnnn’s Experience: https://youtube.com/clip/Ugkx6A4MUfRqdJ7fpio9O4yq3msuXuX569HS?si=s95W2AvVu_NZM4LQ

Can you help me understand this? I’d vote but I don’t really understand how they are using an api to do it.

Hive has an API, which stands for Application Programming Interface. More info about it can be found here: https://support.playhive.com/api/, and here: Getting Started with the Hive API | Hive Help

But essentially, its something that allows anyone to request data from Hive’s servers. And Hive’s servers update the data of each player every 5ish minutes. For example, by abusing requests from their api to see someones stats for Skywars, they can see if someones total amount of kills for their account on skywars has changed since the last time they sent a request through Hive’s API to their servers.

If there is a difference in the total amount of kills between each request made, the bad actor will know that the player they requested data on is playing skywars.

These bad actors can request a players data for all gamemodes separately in short time spans, and accurately find the game the player is on at any moment. Its a form of stalking.

Ghost Mode 👻 would fix this kind of, also yea there should be a way to avoid snipers other than just requeueing

5 Likes