So this is a bit of an interesting one. The bot is mostly meant for myself, but has features that can be integrated across whoever uses it.
So the idea here that I’ve made is the following. It’s a VRChat stalker… but it stalks your own account. How it works is the following:
When you launch the bot, it logs in with the required 2fa systems as normal. So think 2fa, credentials, etc.
Upon proper validation of the account and the ability to use the bot. The bot starts up, and listens to the websocket for any events sent by vrchat. By default, everything is disabled. First up, you as a user need to verify. (The account initially used has to be different from the account you wanna track)
First of all, you verify with your account. This is a non-negotiable requirement.
You either accept a VRChat friend request. Or add a temporary code to your status. For the friend request, the account will send you a friend request you have to accept.
Once accepted you verify the status and proceed with the bot. But now, if I try to enable the location tracking. There is still one issue… I have not yet given consent to the system to track my account(s).
Checking what comes into the websocket, I see “hey, friend location is not allowed to track this user”.
This means that if I want to track my location, I have to give consent to that additionally as well.
The system processes if you are still a friend and/or verified. The moment you aren’t friends, all consent is revoked by default and you have to re-grant the consent.
The system is made to support more then one account, but only if you verify with each single one of them. If you are verified with an account that you aren’t friends with? Consent is (by default) revoked. As you need to be friends to be tracked (Websocketttsss)
Now, what can this be used for? Lets say I am tracking my own account. I made 2 methods to for example… share a link!
One of these, share an unlocked (or locked) link. Both work, it will always prefer the full instance with it’s nonce when given by the user. If it’s not given however, it will default to detecting it from the user. This would only work if the user is on Join Me or Online, and in a public, GPublic, G+ instance. If the user is on Ask me or DND, you need to manually send an invite to the bot to figure out the world. And it will markdown your profile for people to request off of you instead of getting the direct instance link.
This is how it looks when i am connected to a public instance:
However, this is what it’ll say when I go to the same world… in a private instance.
The invite gets processed though the websocket (It’s the user responcibility to make sure they can accept invite requests)
Now, instead of sending an link with a full invite. It will send the worldname… But ask of the user to request the invite from the user themselves!
This is my take at a consent friendly tracker bot, what do ya’ll think? Any ideas? Any other stuff I could, or should implement?
// Keep in mind, this is a personal project. It’s not meant for public use… but it can be.