Why FDP is the most dangerous client within the community
I highly advise you to read Part 1 of this situation, it provides lots of background information that will make it easier to grasp what is going on.
A quick summary of our information so far: One of the FDP developers, XiGuaHanHan, had uploaded a file to FDP within an archive named artifact.zip, which was thought to be a RAT by Tecnio#0001, a well respected Rise developer. The staff team has lied to their own community twice… and they’re willing to do it again and again.
Immediately after, KittenSenpai, my admin, started sending the post to the FDP staff team. People had to be aware. FDP logs .JAR files, and this is a threat to our community. But while arguing whether artifact.zip was an actual RAT or not, they admitted to something… weird. https://imgur.com/DSQ5LQ1
This conversation is a conversation between KittenSenpai, my admin, and 2 FDP Staff. As you can see, some profile pictures and names are blurred and some have a black box over them. This is because they are two different people, so I made the difference clear to avoid confusion. However, the most important part is that FDP logs HWIDs. I spoke to multiple developers about this, and an important thing to note about it is that HWID logging in itself is not harmful. However, it is INCREDIBLY sketchy. Let me explain.
HWID stands for Hardware ID, and it is a unqiue ‚key‘ for your computer. The very device you are reading this article on right now has a HWID. Think of it as a fingerprint- it can be used as an identifier unique to your PC. Paid clients use this as an authentication that the user has actually bought the client. When you set your HWID, it is whitelisted, and only PCs with a whitelisted HWID will be able to run the client. For example, if you buy Rise, but send the client files over to your friend, your friend will not be able to use the client because their HWID is not whitelisted.
So why is it so sketchy? Well, news flash, FDP isn’t paid. Meaning they do not need your HWID FOR ANYTHING. So why do they log it? My theory is that there is potentially something much more sinister going on. For example, what if they use it to identify what PC they are logging? However, there is 0 evidence to support this theory, it’s just a possible reason why they would do this. Although one developer I spoke to did say it could very well be for logging statistics, the screenshot suggests that the FDP staff do not think so. So there’s no real reason to be worried about this, but it is… sketchy.
But how does this make FDP dangerous? Well, the most dangerous thing about FDP isn’t a HWID logger… it’s a person.
Remember our good friend XiGuaHanHan? The one who added a supposed RAT? Well, he’s the most concerning part about FDP. And let me explain just how sketchy he is.
- Issues between the staff team. There was one staff member KittenSenpai had a long and detailed conversation with, and he explained he didn’t like Mr XiGuaHanHan himself either. https://imgur.com/3Ov0mqs
He also mentions the artifact.zip ‚RAT‘ we found earlier wasn’t a real one, since there was no code in the client to execute it. He implies that XiGuaHanHan did it on purpose, but that logic makes 0 sense to me. XiGuaHanHan did back this up by stating in public chat that the RAT in the client was indeed a fake, which you can see here, but I found it interesting that he only felt the need to state it was there in the first place once multiple people had already found it and made it public news. I’m chalking that up as another lie for FDP. And this is when things start to get dangerous. Due to their, primarily young, userbase blindly trusting them, they can insert RATs without any repurcussions. This RAT may have been fake, (there’s also a chance it was real though) but if it was real it would be too late already. Remember, it was 4 days before they added a clean version.
The staff member KittenSenpai spoke to also mentioned he has a much better relationship with the rest of the staff team. In fact, they even believe XiGuaHanHan put artifact.zip in to ‚get back at them‘, which you can see in his response when KittenSenpai asked why XiGuaHanHan would willingly destroy the reputation of his own client. But that’s just the first, less important point of why we should be concerned about this developer. A more important thing to note:
2. He doesn’t care about FDP. He intentionally put in a ‚fake‘ RAT knowing people would find it and lose trust in FDP. I’d like to remind you that FDP might be one of the, if not the biggest 1.8 clients in terms of current player count. A reckless developer that is sketchy as fuck isn’t what FDP needs, and this is what KittenSenpai told the other lead developer as well. However, the response was extremely… mild. And I’ll get back to this in my conclusion but this is an issue. This poses a threat to the entire FDP userbase, because this developer is not taking any precautionary measures and if XiGuaHanHan RATs 1000s of users, removing his access to the client won’t undo the damage done.
Conclusion: FDP is the most dangerous client within the community, because of the power its developer has, and its trusting community that blindly believes everything XiGuaHanHan tells them. I hope I have managed to convince you that XiGuaHanHan is more than willing to RAT users, does sketchy things behind the Staff team’s back, logs HWID for some weird reason that he refuses to state, and lies to users frequently. In my opinion, he needs to be removed from his position, and if the FDP staff and developers are too lax to do this, I’d like to implore people reading this to stop using it now. Liquidbounce+ is a much better alternative, it’s less skidded and generally safer to use than FDP.
EDIT: The HWID logger does have a use, it is used in crash reports. This makes is less sketchy, however, this does not mean it is not used for other purposes. However, this isn’t a ‚guilty until proven innocent‘ situation, and I am therefore no longer holding it as a major point against them. Everything else I say is still valid.