The new VRCA client side encryption can still be bypassed
_ Lily _
Current process:
- VRCA files are unecrypted server sided
- They are downloaded by the VRChat client
- The VRChat client encrypts them, which stops malicious software like Asset Ripper
This has been since the last month
It's really good that at least they're encrypted client side, and it stops most of malicious users
But avatar ripping is still a thing, for example
- Some users found a way to download the VRCA directly
- Some users found out that using a third-party VRChat client, will download the VRCA files without encrypting them
Ideally it would be nice if avatars were encrypted server side, rather than client side
Log In