Shadowlands Leveling Speed Changes and Chromie Time Disabled XP Option

[kail]

Can't believe people use addon managers. Still.

Keeping track of each individual addon doesn't sound smart nor efficient unless you're only using a few addons total.

[Gorsameth]

Versus what? Manually downloading the addon everytime it updates by tracking its individual addon page? Some people use dozens of addons I think I have like 40 or so that would be a pain in the ass to do. The addon manager tracks it and updates them all at once for me and has a nice search tool to download and install in the manager itself without having to go through a website. Imagine NOT using a manager in this day and age.

Dont update if it aint broke.
Its annoying if Blizzard changes something in the API that breaks addons but other then that the fast majority of stuff can be forgotten about once installed.

[koroglu14]

It was a very useful discussion, I found useful information

[BraveNewWorld]

Can't believe people use addon managers. Still.

Do you, every day, go on each of your addons website and check if there's an update? You'd have to, since some bugs are actual security flaws in-game (for example weakauras had a bug where you could open trade with someone and receive all their gold)

Can't believe people still us subpar systems like Windows or Mac for the same reason. Not using something to manage software updates (or in this case, addons), is just stupid.

[Dundebuns]

If Overwolf isn't happy about people using a public API, then just change the API so it has protections and can no longer be used publicly?

[Fastlane_hellscream]

Prevent us from tracking engagement, and therefore you impact authors’ earnings

This seems a bit funny, considering mod authors can't make people pay for mods without breaking blizzard's ToS...Just a greedy ass company milking people for all they can. Send all the CnD letters you want. Hopefully no one will give two shits about that.

[Kaedis]

And that's Overwolf's prerogative. This actually makes the complaints less legitimate, as Overwolf is patching a flaw in the system they purchased - an API which was not supposed to be generally consumed. I have no doubt that Overwolf is going to patch their services to obfuscate the method by which downloads are done, perhaps by having the client request a temporary download link which requires an initial request which is hidden behind some form of bot detection.

I'm assuming you're not terribly familiar with the nature of API design. Fact is, it's programmatically impossible for Overwolf to have an official client, installed on their users' computers, that can make an API call that a third-party client could not replicate. You can't even use signed requests, because the private key for those has to be embedded into the binary, and thus is extractable via binary decompiling (turning the machine code of the binary back into human-readable source code, though it's typically much more difficult to read than normal source code).

Even with login, this is the case, since the third-party clients can also implement those same login mechanisms. Basically, if their client can do it, then a determined enough programmer can replicate it in a third-party client. Login means that it could potentially run afoul of TOU, but even that's somewhat questionable.

It's also worth noting that this isn't just a case of whether they have the right (or, as above, the ability) to lock down the API. It's a question of whether it would be a smart decision. The harder they try to squeeze on users to only using their stuff, and the more hurdles they add, and the more excess stuff like ads and premium nagware and crap they add in, the more likely users are to simply refuse to use their service. They are the currently dominant addon repository, but that's almost entirely due to ease of use. If they piss off their users, then addon authors will come under immense pressure to find a less invasive repository, and Overwolf will lose the very market dominance they are depending on.

Because of that, I still view Overwolf's statement here as bluster. They are trying to shame users into using their garbage service and client, complete with all of the adware and spyware and nagware that it'll inevitably include, based on appeals to emotion like "but think of the authors!" (despite API calls from their client being indistinguishable from ones from third-party clients, that's the problem for them, actually). I doubt they'll take more than a token action, one that'll require third-party clients to adapt but one that can't actually kill them off.

Unfortunately, Overwolf is part of that (fortunately shrinking) population of companies that still believes the best way to get users to use their stuff is by trying to force them do, by muscling out alternatives, rather than getting users to use their stuff by making a compelling product.

[Assumi]

Dont update if it aint broke.
Its annoying if Blizzard changes something in the API that breaks addons but other then that the fast majority of stuff can be forgotten about once installed.

MMO-Champion comments really are the special ed class of the internet with retarded posts like this.

[Magical Mudcrab]

I'm assuming you're not terribly familiar with the nature of API design. Fact is, it's programmatically impossible for Overwolf to have an official client, installed on their users' computers, that can make an API call that a third-party client could not replicate. You can't even use signed requests, because the private key for those has to be embedded into the binary, and thus is extractable via binary decompiling (turning the machine code of the binary back into human-readable source code, though it's typically much more difficult to read than normal source code).

If this is your genuine response, then it means you have not at all read anything in the prior conversation required to have the bare minimum context of the discussion. The discussion Chakah and I is primarily about public vs. private content. The main point of contention is that Chakah does not believe in the copyrightable nature of websites and their content and disputes that Curse could be copyrightable (i.e.: Overwolf owns the website, endpoints, etc., the authors own the addons and have delegated the rights to distribute them to Overwolf), and disputes that publicly accessible resources can be copyrighted. This is why I make mention of obfuscating the calls to whatever service they use to perform the download (likely a signed URL to some GCS or S3 bucket) behind bot protection or, as I said earlier in the post, potentially forcing login to access the endpoint. The former would stop traditional forms of web scraping from being able to find the exposed endpoints and make requests to them, the latter would force any unwanted access by Overwolf to be considered a ToS violation, so long as the ToS is updated to reflect this, and would make authors who are stealing Overwolf's content liable for damages.

I will repeat this, as it appears to be consistently lost on people. Just because an API can be accessed doesn't mean it was meant to be. I was not questioning how an API could somehow be accessed by one client and not another, as you can send requests to whatever exposed API you want. I was questioning why the API was exposed at all as it is very obvious that this API was not meant to be generally consumed and was being used in unintentional ways.

Even with login, this is the case, since the third-party clients can also implement those same login mechanisms. Basically, if their client can do it, then a determined enough programmer can replicate it in a third-party client. Login means that it could potentially run afoul of TOU, but even that's somewhat questionable.

Login is something I said could be done earlier in the post and, you're correct, it would just be to bait illegitimate users into breaking ToS and potentially opening them to legal ramifications if Overwolf found out.

It's also worth noting that this isn't just a case of whether they have the right (or, as above, the ability) to lock down the API. It's a question of whether it would be a smart decision. The harder they try to squeeze on users to only using their stuff, and the more hurdles they add, and the more excess stuff like ads and premium nagware and crap they add in, the more likely users are to simply refuse to use their service. They are the currently dominant addon repository, but that's almost entirely due to ease of use. If they piss off their users, then addon authors will come under immense pressure to find a less invasive repository, and Overwolf will lose the very market dominance they are depending on.

Overwolf has three options: (1) roll over and anyone for any reason to scrape and steal their content (which seems to be what people advocate for), (2) add a developer subscription where developers could consume their API for a hefty monthly fee (it will need to makeup for both advertisement and data collection revenue), (3) take a minor hit to usage by adding in bot protection (i.e.: ReCaptcha for web downloads to prevent scraping) or login (to force ToS violations and opening people consuming the APIs in their clients to legal action).

No matter what option Overwolf chooses, they lose. What's worse is the community just doesn't seem to comprehend that if they want websites like Curse or WoWInterface to be maintained consistently then there needs to be a profit motive. Other parties that then leech off of the larger platforms reduce the value of the asset (Curse, WoWInterface). This is why Curse gets passed around so much, it's because the community doesn't support the platform and so it gets sold off to someone who believes they can monetize it more efficiently.

Because of that, I still view Overwolf's statement here as bluster. They are trying to shame users into using their garbage service and client, complete with all of the adware and spyware and nagware that it'll inevitably include, based on appeals to emotion like "but think of the authors!" (despite API calls from their client being indistinguishable from ones from third-party clients, that's the problem for them, actually). I doubt they'll take more than a token action, one that'll require third-party clients to adapt but one that can't actually kill them off.

Of course, because Curse is worth less when people use these other clients. I'm not saying that Overwolf shouldn't improve their website; however I take issue with this demented robin hood-like mentality that these third parties have in stealing content, rather than actually developing a platform which is attractive to users and authors.

Unfortunately, Overwolf is part of that (fortunately shrinking) population of companies that still believes the best way to get users to use their stuff is by trying to force them do, by muscling out alternatives, rather than getting users to use their stuff by making a compelling product.

They're not muscling out alternatives, they're locking down their platform to prevent others from stealing their userbase. This is totally fair on their end. If players want to cry about platforms not acting how they want, mostly due to players using but not supporting said platforms, then they need to turn to popular addon authors to begin the change towards developing a new open platform which is more friendly to 3rd parties.

[Ielenia]

I will manually update my addons before I use overwolf if they manage to find some way to kill wowup. They don't own the copyright on addon managers lmao.

I... don't think you know what this is really about and I have the impression you're just jumping in a bandwagon for a quick ride.

This has nothing to do with "copyrights", of addons or addon managers, whatsoever. It's about the fact that third-party addon managers would scrape (i.e. download without authorization) the mods from CurseForge's database.

Overwolf is not telling the addon manager developers to kill their programs, they're not sending C&D letters, they're not forbidding other developers from making addon managers. They're simply saying "make your own database, or go download your mods from someone else's database, but you don't have access to ours anymore."

And as for the addon developers, they're not "forced" to keep their mobs on OverWolf's databases only. They're free to host their mods on their own websites as well, as well as in any other addon hosting service, like WoWInterface and GitHub.

[JerseyGhoul]

If Overwolf isn't happy about people using a public API, then just change the API so it has protections and can no longer be used publicly?

Here's the thing about computers, they’re very good at repetitive tasks and you can make a computer look like a person to another computer.

Firefox, for instance, has addons that let you pretend you’re using a different browser.

I don’t imagine it would be too hard to convert an app using an API over to just querying the addon pages themselves. Cumbersome, but doable.

[Dartz1979]

I just want my addons to update when new patches happen hopefully overwolf will have a desktop app like twitch had thiers so can update addons quick and fast

[Nutri]

So, whats the alternative to Overwolf? Serious question.

[Ishayu]

This ignores the fundamental difference: Linux packages are by and large hosted by academic spaces who receive public funding to do so. Now I could probably host a site on my servers at the university no doubt, but if the traffic ever reached significant numbers, it would start to rise eyebrows and ultimately I'd be forced to shut it down.

It does indeed ignore that, because in many cases it isn't true.

Besides, what prevents WoW addons from being hosted at a dorm or university computer? We had a server room at my dorm and we hosted all sorts of things - WoW addons wouldn't have been a problem, but addon distribution wasn't a problem at the time in general.

I mean just look at the original WoWAce. Never complained.

[lurkanomics]

In Vanilla (not Classic), I ground out the last 1.5 levels killing orcs and ogres in Burning Steppes...

With you on that, back when people played just to play (not knowing every little thing to do to ding efficiently) there were def quest droughts near the end of the road to 60 - EPL was barren af when it came to questing, pretty sure I spent 58-60 mostly in UBRS

[Alja]

The new WoWUp one seems pretty nice, been using it for a couple of weeks now. Really lightweight, minimalistic.

Agree with this, I really like wowup, it has a good GUI, doesn't seem to bog down my system with anything, and does what I want it to -which is update my addons without a bunch of filler.

I was a bit on the fence about how scummy Overwolf was/is, simply because I didn't really know that much about them - but this blog post reeks of scum.

[Baneto]

So, whats the alternative to Overwolf? Serious question.

WowUP.io - Minimalistic addon manager without all the bloat of Twitch/Overwatch-client.

[Nutri]

WowUP.io - Minimalistic addon manager without all the bloat of Twitch/Overwatch-client.

Cheers, I'll have a look at that.

[Chakah]

If this is your genuine response, then it means you have not at all read anything in the prior conversation required to have the bare minimum context of the discussion. The discussion Chakah and I is primarily about public vs. private content. The main point of contention is that Chakah does not believe in the copyrightable nature of websites and their content and disputes that Curse could be copyrightable (i.e.: Overwolf owns the website, endpoints, etc., the authors own the addons and have delegated the rights to distribute them to Overwolf), and disputes that publicly accessible resources can be copyrighted.

If you read the LICENSE.txt or equivalent included with almost every addon, the copyright statement doesn't say overwolf. They don't own the copyright on the addons. They are often GPLed or Creative commons or the like.
They do have a copyright on their website. I never disputed that. I claim that their catalog of addons provided by the API is merely an automatically generated inventory of addons that are automatically packaged for distribution by them, and as such, isn't a creative effort deserving of copyright. But only a court can decide that 100%.

If Overwolf offered a hand-selected list of addons that work well together, that would be different, creative, and copyrightable. But as far as I can see, they don't.

What I dispute is your assertion that using one client instead of another causes a copyright violation. I mean the whole point of this is addon distribution. They put the files there so end-users can make local copies.

This is why I make mention of obfuscating the calls to whatever service they use to perform the download (likely a signed URL to some GCS or S3 bucket) behind bot protection or, as I said earlier in the post, potentially forcing login to access the endpoint. The former would stop traditional forms of web scraping from being able to find the exposed endpoints and make requests to them, the latter would force any unwanted access by Overwolf to be considered a ToS violation, so long as the ToS is updated to reflect this, and would make authors who are stealing Overwolf's content liable for damages.

Addon updaters aren't 'stealing' anything (violating ToS) - The end users are! Thats the point here - the downloader is merely a tool. The content ends up in the same hands either way. If overwolf wants to waste their time closing free user accounts that violate this hypothetical ToS, I guess they are welcome to. End users can create new accounts faster than they can close them.

I can think of several methods to have 'secure' distribution, but I highly doubt users would tolerate getting USB sticks in the mail with addons

I will repeat this, as it appears to be consistently lost on people. Just because an API can be accessed doesn't mean it was meant to be. I was not questioning how an API could somehow be accessed by one client and not another, as you can send requests to whatever exposed API you want. I was questioning why the API was exposed at all as it is very obvious that this API was not meant to be generally consumed and was being used in unintentional ways.

We aren't lost on this, you are simply incorrect. The API is there so that clients (addon manager software like WoWup, Twitch, and Overwolf) don't have to navigate (scrape) their website. While they may *ask* end users to only use their client, as Kaedis says, it's pretty much technically impossible to enforce.

Overwolf has three options: (1) roll over and anyone for any reason to scrape and steal their content (which seems to be what people advocate for), (2) add a developer subscription where developers could consume their API for a hefty monthly fee (it will need to makeup for both advertisement and data collection revenue), (3) take a minor hit to usage by adding in bot protection (i.e.: ReCaptcha for web downloads to prevent scraping) or login (to force ToS violations and opening people consuming the APIs in their clients to legal action).

2. It's the end users performing the API access. And Blizzard absolutely forbids overwolf for charging for addon distribution.
3. They already sorta do this on the website. They kinda broke deep linking since the WoWMatrix days. Which is why they needed to make an API for their client. lol.

No matter what option Overwolf chooses, they lose.
What's worse is the community just doesn't seem to comprehend that if they want websites like Curse or WoWInterface to be maintained consistently then there needs to be a profit motive. Other parties that then leech off of the larger platforms reduce the value of the asset (Curse, WoWInterface). This is why Curse gets passed around so much, it's because the community doesn't support the platform and so it gets sold off to someone who believes they can monetize it more efficiently.

As digital distribution becomes cheaper and easier with each passing year, they value of being a distributor keeps decreasing and the profitability of being one would be expected to decrease.

When Curseforge was created, GitHub, Discord, and Patreon didn't exist. Distribution, discussion and support of addon authors was a much harder problem and there was more value in the service they provided. I had Curse premium myself back in the day. But IMO, Curse abused their position. And overwolf's reputation for being abusive to end users long proceeds their involvement with WoW addons. Their recent behavior trying to attack the community isn't helping them.

If players want to cry about platforms not acting how they want, mostly due to players using but not supporting said platforms, then they need to turn to popular addon authors to begin the change towards developing a new open platform which is more friendly to 3rd parties.

Yes. And this is happening. Note how many addons listed on curse have 'source' or 'issues' links to GitHub. Those aren't new - it's been slowly happening for months/years. Players truly don't care about supporting the distribution platform, they only barely care about supporting the developers (pity). This is why overwolf tries to paint themselves as heroes with their revenue split with authors. But no addon author has made significant money from them in the past and many have turned to Patreon instead.

[Magical Mudcrab]

If you read the LICENSE.txt or equivalent included with almost every addon, the copyright statement doesn't say overwolf. They don't own the copyright on the addons. They are often GPLed or Creative commons or the like.
They do have a copyright on their website. I never disputed that. I claim that their catalog of addons provided by the API is merely an automatically generated inventory of addons that are automatically packaged for distribution by them, and as such, isn't a creative effort deserving of copyright. But only a court can decide that 100%.

I did not say that Overwolf owns the copyright on the addons, and I would assume that most addons have MIT or some equivalent to allow other authors to build on their work without needing to worry about repercussions. They do, however, own the copyright on their site, their search algorithms, etc. Addon authors own their work and give Curse/Overwolf permission to distribute the addons. Whether lists of facts - or in this case, a list of publicly available addons - could be considered copyright comes down to whether the way in which they're presented is novel. It's not a question of whether Overwolf can make a claim to the addon, but whether they can make a claim to the information on their system, which I believe they can.

Addon updaters aren't 'stealing' anything (violating ToS) - The end users are! Thats the point here - the downloader is merely a tool. The content ends up in the same hands either way. If overwolf wants to waste their time closing free user accounts that violate this hypothetical ToS, I guess they are welcome to. End users can create new accounts faster than they can close them.

I can think of several methods to have 'secure' distribution, but I highly doubt users would tolerate getting USB sticks in the mail with addons

It's not really about who it goes to, it's how it gets there. The fact is that Curse, and now Overwolf, seem to indicate that the APIs being used were not supposed to be used in the manner they are. The request is coming from the user, but it's the 3rd party client which is consuming the API without permission.

We aren't lost on this, you are simply incorrect. The API is there so that clients (addon manager software like WoWup, Twitch, and Overwolf) don't have to navigate (scrape) their website. While they may *ask* end users to only use their client, as Kaedis says, it's pretty much technically impossible to enforce.

What you are saying and what Kaedis is saying are not at all the same. Kaedis was stating how you can't restrict who can access the API because for the API to be usable externally then anyone must be able to hit the API, and if you can hit the API you can spoof requests and a system can't verify who the request came from, only that it's a valid request. It's true, but fundamentally irrelevant. I'm not wondering how their API works, I'm wondering why they - Curse/Overwolf - allowed their API to perform operations which they appeared to not want it to.

This is one of the reasons why I mentioned adding bot detection/prevention. Things like reCaptcha can stop requests to get download URLs. It would essentially force 3rd party authors to embed the web page using an iFrame, if it is a web interface, and this can be prevented using X-FRAME-OPTIONS. Additional access methods, such as OAuth2 verification on API requests or JWT tokens from login, could allow the problematic endpoints to remain only for people with developer accounts and for native applications.

2. It's the end users performing the API access. And Blizzard absolutely forbids overwolf for charging for addon distribution.
3. They already sorta do this on the website. They kinda broke deep linking since the WoWMatrix days. Which is why they needed to make an API for their client. lol.

2. This is not the same as charging for addon distribution, it's charging 3rd parties for usage of their resources. Addon authors should be forced to use some authentication mechanism in order to utilize the API, and what this would do is make it so that 3rd party authors could choose to pay a subscription to have full access to Overwolf's catalog, essentially giving a license to allow 3rd parties to compete with Overwolf without reprisal.

As digital distribution becomes cheaper and easier with each passing year, they value of being a distributor keeps decreasing and the profitability of being one would be expected to decrease.

When Curseforge was created, GitHub, Discord, and Patreon didn't exist. Distribution, discussion and support of addon authors was a much harder problem and there was more value in the service they provided. I had Curse premium myself back in the day. But IMO, Curse abused their position. And overwolf's reputation for being abusive to end users long proceeds their involvement with WoW addons. Their recent behavior trying to attack the community isn't helping them.

Yes. And this is happening. Note how many addons listed on curse have 'source' or 'issues' links to GitHub. Those aren't new - it's been slowly happening for months/years. Players truly don't care about supporting the distribution platform, they only barely care about supporting the developers (pity). This is why overwolf tries to paint themselves as heroes with their revenue split with authors. But no addon author has made significant money from them in the past and many have turned to Patreon instead.

If GitHub was a viable alternative, then Curse would not be as popular as it is today. The fact is that most users do not want to have to use something like GitHub which will be more than a 1-stop for their addons. It's never going to be a question about whether digital distribution is going to to be easier, rather it's a question of is the form of digital distribution attractive to users. I think that user indifference to platform and author support is one place of common ground we can agree on.