Well, sure, if you’re not playing the game then I wouldn’t even have it installed much less sub to it, yeah.
only minimally. Questie, bagnon, gathermate. nothing crazy. nothing that affects combat.
Well, what do you define as “playing the game”? See, I RP, do every Quest. IDC how low nor high level it is. Work on Reputations, Professions, level another Character. See, there’s plenty to do in the game.
Then you’re essentially playing a SP game 
I finally broke down and installed Questie, and I’ve always had a flight timer add-on just so I know how much time I have for AFKs.
I would recommend you use as much account security as you can if you install a lot of addons.
Why is that? Addons can do absolutely nothing to affect your account security. They are simple text and media files that have no access to your personal data.
Now, if you use an executable that updates your addons for you then you have to be careful. However, that’s much different than downloading and installing addons manually.
If I had to use the 15 year old UI and features I would not play this game. Addons add all sorts of things that get rid of tedium and annoying features that I don’t care for. I use pretty much every addon I use in retail and if not those, then it’s to get the UI as close to retail as possible.
I get some people are all aboard the make everything as tedious as possible train, but I’m not.
Why is that? Addons can do absolutely nothing to affect your account security. They are simple text and media files that have no access to your personal data.
Some addons can be laced with keyloggers.
1 Like
They can not, there is absolutely no way a simple addon can have any kind of executable code or key logger.
It’s only when you use some kind of program that installs and manages addons that you should worry about that. Addons themselves are simple text files and stuff like images and other media files. If you install them manually there is no risk.
1 Like
I don’t use any addons except for a few
yeah I played wow on launch day in 2004. The thing people seem to be discounting here is that if you played on launch day, yeah the addon system existed but addons are written by players; they hadn’t actually started writing addons yet. A lot of the people that wrote addons had to actually, you know, spend some time playing the game before they figured out that they liked it enough to spend their time writing addons for it.
Blizzard hasn’t been great about providing developers with documentation for writing addons, so it was a slow process at first before powerful addons started appearing. After a few months, yeah they were common. But for the first month or two, most of the addons that existed weren’t nearly as useful as they are now. Things like questie require that the quest data be collected; that data hadn’t been collected yet. Same for vendor prices. AH mods and census things that rely on the community using the addon and aggregating the data into a server weren’t that powerful yet; back in 2004 it wasn’t common for developers to be able to set up and run public-facing server applications. There were no cloud providers back then, the costs of running a server were way higher. So like, yes, vanilla had addons, but the addons we have today are much, much more sophisticated than what existed in 2004-2005. Look at the source code histories of popular addons: DBM has almost 18,000 commits on git, and the first commit is from 2008. The history appears complete. The first commit for DBM is dated July 20th 2008, no idea if that’s an accurate timestamp or not but I don’t see evidence of it existing before then: https://github.com/DeadlyBossMods/DBM-Classic/commit/9601f3336ebc9ab6b4b7658883c922160d3e84c1
so yeah, there were addons in vanilla, but addons nowadays are much more powerful than they were then.
1 Like
That’s exactly what I’m saying! Some of these people make it seem like all these Addons were accessible back then, but they weren’t.
No Addons yet.
I’d, also, like to clarify, even if they were accessible, like you said, that took time to develop, to make them more optimal.
thaaaaat’s not really true dude. Addons are written in Lua, it’s a scripting language. Literally all source code for all programs is just text. Programmers don’t sit around writing binaries by hand with ones and zeroes. In an interpreted language like Lua, what is shipped is the source code itself, which is then executed directly. Lua addons are executable code.
no idea how viable it would be to write a keylogger or make network calls. I thought addons were sandboxed and couldn’t make network calls but the LFG addon appears to do it so I dunno how that works or what the security context is.
Yes, a scripting language. It is not compiled, it has to have an interpreter in order to do anything. Addons for WoW are written for WoW, they will not run on any other interpreter. Not only that but most operating systems don’t have a default Lua interpreter so there’s nothing to run on in the first place.
Lua addons are not executable in any sense of the word, they are interpreted scripts. They can not compromise your account.
You can’t “write a keylogger or make network calls”. Addons are sandboxed, they can’t make network calls, the LFG addon does not do that.
The only possible vector would be for someone to make an addon which captures your typing in-game (not on your login screen), waits for you to type in both your email and password in-game, then have someone else on your server at the same time who is capturing all of this. Even then I believe that Blizzard has protections in place for this extremely unlikely scenario.
So, long story short? Only ever type your password on a login screen and you’re completely 100% safe with addons.
Not true, many addons were ready for launch day. People had been developing them during the betas. I tested several of them before the game even launched.
I don’t have a lot, but am using some old school addons again.
The biggest game changer for me is elvui which is really just a whole package of available features other addons can supply anyways.
Also using WA so that’s a big one I suppose.
running interpreted code is a form of execution. If you think “execution only means running an executable binary” that’s a totally pointless distinction and one that is not actually used in industry.
https://github.com/DomenikIrrgang/ClassicLFG/blob/master/src/networking/network.lua curious what’s going on here, whether it’s writing to a local file and being turned into networking calls by an external process or it’s actually doing network comms here.