So that issue breaks some part in this mod

Disable the chat preview when connecting to a enforce-secure-profile=true server to prevent servers from tampering with messages as detailed in MC-253521 (the issue was marked as invalid, but the exploit is still possible).
EDIT: MC-253888 has more information

This mod is great and is pretty much essential. However, if the player wants to join a server with enforce-secure-profile, it's currently impossible to do so. I've already seen a warning screen being mentioned in the issues, and I propose that this mod (or a companion mod if this isn't in scope for this mod) provide an alternative chat system, preferably a standardised one.

How this would work is that the user would be warned that the server uses enforce-secure-profile and that their messages could be used to report them, and if the user chooses to continue, the chat message box would have the ability to send messages through the regular Minecraft chat protocol, or any other protocol (Matrix? IRC?) and messages wouldn't arrive at the server at all, preventing any message from being reported. More importantly this would let users communicate through a system that is... well just better than Minecraft chat.

Drawbacks

• This would require every user that would like to participate in chat to use the same mod, otherwise messages wouldn't be seen by other players.

Good things

• If a standardised instant messaging protocol is used then non-Minecraft clients would also be able to connect, and cross-server communication would be possible

Questions

• Would this be in scope for this mod? This mod already disables telemetry, doing more then what it's initially intended purpose was. Therefore it's entirely normal for such a feature to be included in this mod.
• Would this require a name change for the mod if it is implemented? In my opinion, yes.
• If this isn't in scope for this project, could this be implemented as a companion mod for this mod? This makes more sense then implementing this feature in the mods current state, however if the scope of this mod is widened then this feature could also be included in this mod.

If this is feature request is greenlighted I'm more than willing to contribute to the implementation of this feature.

Please remove the [Not Secure] tag

Something like ⚠️ next to the server in server list when the server has enforce-secure-profile enabled.
Assuming it can be determined before connecting, that is.

if possible add it as option in server side
i know this mod called no-chats-reports
maybe create new fork for this specific feature ?

As the title, is it possible to make this mod runs alone without a mod api, just like how optifine works?

Minecraft Version: 1.19
Fabric Version: Fabric Loader 0.14.8
Java Version: Java SE Development Kit 17.0.3.1

Full Minecraft Log:

[19:56:02] [main/INFO]: Loading Minecraft 1.19 with Fabric Loader 0.14.8
[19:56:02] [main/WARN]: Mod resolution failed
[19:56:02] [main/INFO]: Immediate reason: [HARD_DEP_NO_CANDIDATE nochatreports 1.19-v1.2.2 {depends fabric @ [*]}, ROOT_FORCELOAD_SINGLE nochatreports 1.19-v1.2.2]
[19:56:02] [main/INFO]: Reason: [HARD_DEP nochatreports 1.19-v1.2.2 {depends fabric @ [*]}]
[19:56:02] [main/INFO]: Fix: add [add:fabric 1 ([(-?,?)])], remove [], replace []
[19:56:02] [main/ERROR]: Incompatible mod set!
net.fabricmc.loader.impl.FormattedException: Mod resolution encountered an incompatible mod set!
A potential solution has been determined:
	 - Install fabric, any version.
Unmet dependency listing:
	 - Mod 'No Chat Reports' (nochatreports) 1.19-v1.2.2 requires any version of fabric, which is missing!
	at net.fabricmc.loader.impl.FabricLoaderImpl.load(FabricLoaderImpl.java:190) ~[fabric-loader-0.14.8.jar:?]
	at net.fabricmc.loader.impl.launch.knot.Knot.init(Knot.java:148) ~[fabric-loader-0.14.8.jar:?]
	at net.fabricmc.loader.impl.launch.knot.Knot.launch(Knot.java:68) [fabric-loader-0.14.8.jar:?]
	at net.fabricmc.loader.impl.launch.knot.KnotClient.main(KnotClient.java:23) [fabric-loader-0.14.8.jar:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
	at org.multimc.onesix.OneSixLauncher.launchWithMainClass(OneSixLauncher.java:210) [NewLaunch.jar:?]
	at org.multimc.onesix.OneSixLauncher.launch(OneSixLauncher.java:245) [NewLaunch.jar:?]
	at org.multimc.EntryPoint.listen(EntryPoint.java:143) [NewLaunch.jar:?]
	at org.multimc.EntryPoint.main(EntryPoint.java:34) [NewLaunch.jar:?]
Process exited with code 1 (0x1).

#43 but on v1.4.2. Game restart fixes it, relogging or the refresh button will not.

Expected Behavior

The game launches normally.

Current Behavior

The game crashes during the startup.

Steps to Reproduce

1. Install Adoptium Java 18.0.1, MultiMC 0.7.0-develop-3450.
2. Create an instance of Minecraft 1.19.1-pre2 in MultiMC.
3. Install the mods: Fabric Loader 0.14.8, Fabric API 0.57.1+1.19.1, No Chat Reports 1.19.1-pre2-v1.3.1.
4. Launch the game.
5. The crash occurs.

Log

https://www.toptal.com/developers/hastebin/ekobivuxex.sql (some paths were modified)

This is already an essential mod, but I think it would be more convenient to use if it were also made as a serverside plugin for use in bukkit/spigot servers, since not all players are aware of this change even existing, let alone caring enough to change their settings over it.

Vanilla 1.19.1-pre2 server, modded Fabric client with NCR 1.3.0.

When trying to join the server, the #4 warning is displayed. However, when clicking "proceed" it appears again and again, only stopping when the user actually checks the checkbox first.

Edit: it even reappears once the player is kicked from the server, at which point the Proceed button gives a networking error 😁

Hey, this mod is very cool, however, does it run any risk of triggering a ban?

An option to hide the client-side report triangle would make sense. Right now you've tied it to when the mod exists on the server as well, but a separate option for the client only would be nice.

Not sure if it is in the scope or not, but have you considered adding a per-server or global toggle?

Mainly what concerned me is the new info you received:

To make Velocity compatible with this mod, add -Dauth.forceSecureProfiles=false to your Java command line flags (on the server side, when starting Velocity).

Previously I thought that modified servers like Paper would not/have not implemented it, per https://forums.papermc.io/threads/paper-1-19.344/

Currently, all messages will be sent as (unsigned and unverified) system messages – this has no meaningful impact on how clients display these messages yet. With Mojang trying to make the player chat more secure, we will have to make some larger additions and changes around message events and API in the future to allow features like the ability to preview formatted messages on the client.

Or at least I thought they wouldn't force it. But since it does, the impact may be larger than expected...

Since the setting cannot be changed, the button shouldn't appear clickable. Instead it should be grayed out, like the "Difficulty" button in the world creation screen when selecting Gamemode: Hardcore.

To make Velocity compatible with this mod, add -Dauth.forceSecureProfiles=false to your Java command line flags (on the server side, when starting Velocity).

Seems like this can now be done with force-key-authentication = false in velocity.toml

Add a way for servers to bypass the bans and on the game so mojang can’t do anything and hide the warnings or allow people to report anyways so mojang gets a ton of banned people reported

To go along with #4, I suggest the following warning icons. These should be displayed in the rightmost edge of the chat textbox, to prevent being too intrusive.

• Green ✅
  • The mod has been discovered on the server
  • The server is using 1.18.2 or below
  • No detected reportable messages (so using different channel)
• Yellow ℹ️
  • The mod is working client-side only
• Red ⚠️
  • Player overrid the warning of #4 and messages are reportable

Vanilla 1.19.1-pre2 server, modded Fabric client with NCR 1.3.0.

1. Start the server with enforce-secure-profile=true
2. Join with the client and, check the checkbox and proceed with the warning. Verify the icon next to chat - it is red
3. Restart the server with enforce-secure-profile=false
4. Join with the same client, verify the icon next to chat - it is still red
5. Join the same server via different host (e.g. ip instead of domain or vice-versa)
6. Verify the icon - it is yellow as it should
7. Remove the original host from whitelist, restart the client
8. Join the original host
9. Verify the icon - it is yellow as it should

This making me pull my hair out, but something is creating a five to TEN minute delay on start up (before the minecraft window pops up). Disabling this mod removes this delay.

https://paste.ee/p/b5Kzk#s=0&l=323

Line 323 shows the delay.

This mod is currently incompatible with the styled chat mod on 1.19.0 server
https://github.com/Patbox/StyledChat
Logs will be added soon

I've noticed the mod reverts 1.19.1-pre2 chat colors/warning icons, but as ugly as they may be, an option would still be nice for debugging purposes and possibly better compatibility with other chat mods (which may want to apply a different style to them etc).

Will there be a server plugin version of this, so servers running Paper, Spigot, etc can disable chat reports for the entire server?

Hey, this is an incredible mod; I was wondering if you have plans to make a version/plugin for other server types like PaperMC, Spigot, and Bukkit?

This can be used under Quilt so please mark this mod as Quilt supported in Modrinth.

Not a huge priority, but may come useful for modpacks which only want to give config or only server list for this mod.

Server will relay them unless "enforce-secure-profile" option is set to true in server options, in which case it will not let you join.

If I understand this correctly, this paragraph is about whether a 1.19 server has toggled an option in server.properties.

In that case, what is the message the client receives when trying to join it? Assuming it is a cryptic error message, could you add an explanatory one?

Mojang has mentioned that you could also be banned from past versions of the game. I'm not sure if this means from in-game or literally just preventing the launcher from running that version but either way it seems like something they're going to be doing at some point.

Perhaps in the future, a port to earlier versions might be required. I'm just creating this issue to alert of this potential problem.

In your latest video, around 22:30, you talk about private keys being stored in plain text. Is there any safe and ethical way for this mod to safeguard those, if Mojang will not fix it for 1.19.1 release?

I'm worried that Microsoft may decide to take down this project in the future. Since Github is owned by Microsoft, this is a trivial thing for them to do. So I suggest creating a mirror of this project to another site. Gitlab, BitBucket, & Sourceforge are some examples.

I think some servers would appreciate a (serverside) config option to translate this message:

My ideas would be to either add that message to the lang files and let the server choose which one to use or to allow them to configure a custom message through the config, like plugins often do, which offers far more customization.

You could also have one config option which can be used for both:
If it is, for example, set to "en_en", the default translation is used, if no lang file with that String was found (or the format is not xx_xx), the String itself will be the message. That'll only work as long as there aren't multiple serverside messages, of course.

This suggestion is based on #45.

When trying this out in 1.19.1-rc1 (fabric) the game fails to open. Here's a link to my logs:
https://paste.ee/p/EsrvC

Is this mod compatible with Open To LAN and is that officially supported?

The above code, present in commit ae263f1, uses a literal string to show the kick reason, which is that the mod is not installed on the client but is required there by the server. This string could use some translations, which should make the mod a bit more accessible to international players.

This would let banned players servers with online-mode=false. You won't be able to access servers that have online-mode=true, but at least you can play with your friends.

The Realms button would stay grayed out, since it wouldn't work properly anyway.

I'm testing this mod on the server but I can't tell if it works or not, I have a vanilla client with "Only show secure chat" turned on, and I can see my own chat despite the mod being installed on the server.

Does this mean the mod isn't working or does the client show its own chat messages regardless of signature status? I also don't see a flag indicating the signature is invalid, if the option is turned off, which I was told there would be.

Unfortunately I don't have a second minecraft account to test this with.

I'm using pre3 with the latest build (43 minutes ago) of your mod.

As of v1.4.1 there seems to be a reload button in the multiplayer view. While it could be useful in some cases, I don't think it needs a separate visible button at the moment.
How about merging it with the vanilla refresh button so it does both things at once?

As of 1.3.2 there is a timestamp scrambler in the mod. However, there is no explanation on the mod listing about how does it work, please add it.

1.19.1 snapshot versions of the mod have received several useful changes, including the whitelist and chat indicator. These would make sense to get backported to 1.19 as well at some point, as some clients/servers are probably afraid to update to 1.19.1 at all.

From what I understand about vanilla chat behaviour (the red bars/(!)-things that were added in pre2) and MC-253517, online-mode=false servers should never be treated as "dangerous", even if their enforce-secure-profile=true, because the chat is still considered unsigned despite what is asked from the client.

Correct me if I'm wrong.

By this I mean if I can use them both, if i need to remove the no telemetry one and how the implementation is done (is it just copy pasted from the other mod? is it a rewrite? is there any difference on how much it's blocked?)

Hello, can someone explain somewhere how messages are signed and transferred between client, server, other clients and a report server. I would really appreciate if details would be out on curseforge page too.

Mainly I don't understand how chat signatures work. Does client generate private key for each session and uses it to sign all messages or will it send message to auth/session server for signing? Also what is being delivered to server that is handling reports?

With the recent changes there will be a lot of servers that enforce signatures. It would be nice if you have a warning or toggle to not accidentally send a signed message. This would remind you to use a chat alternative of choice.

A configuration menu in Mod Menu for the client to enable/disable the mod without having to restart the game so that you are able to join servers with [as of 1.19.1 pre2] default setting for enforce-secure-profile: true.

(This is not an issue, but rather a discussion. I know normally there should a Discussions tab, but it's disabled ig)
Anyways, I'm just worried that, with newer versions after 1.19.1, Mojang might try to fix this mod by forcing crypto-signing messaging client-side. Therefore, this mod would be quite irrelevant for compatibility with vanilla clients. Maybe this is an issue to prepare for. I guess adding a feature to send SYSTEM messages would be nice to be worked on??? Heck idk, but this is a fear I'm having and this mod seems to be the most popular to disable Mojang Reporting, sooo.. yeah. Could be nice to hear your thoughts now rather than when chaos would ensue.

(This is highly hypothetical and I'm looking way too much in the future, but forcing message signing could be the easiest way for Mojang to kill this mod)

do you think bots false banning too many players could force microsoft to at the very least restart the ban system?

As the client can no longer report others, but can still use the Social Interactions screen, the button text should be changed from Player Reporting to Social Interactions, aka menu.playerReporting to gui.socialInteractions.title.

Edit: this should have a separate option