E2 is an amazing tool. It's fun, it's challenging, it's frustrating, and it's powerful. I personally love E2, it's actually what got me into programming in the first place.
There are so many cool things you can do with E2. Just check out the Wiremod/Facepunch forums or the PAC server some time, they both have people showing off amazing E2 creations.
E2 has a lot of interesting and flexible extensions that enable you to interact with almost everything in Garry's Mod: PropCore, PlayerCore, StreamCore, MeshCore, etc. All of these awesome extensions have taken what was previously just an easy way to simplify your physical wiremod contraption to a crucial part of any build-like server.
With this great power comes the necessity for users to exercise great responsibility. Unfortunately, in general, they don't.
I've done my best to refrain from limiting E2 in any fashion. The only limitations I've imposed are on those features which are particularly abusive, or exceptionally unfair. In fact, I've actually modified the E2 settings to make it more permissive and liberal with its internal limitations (e.g. Faster holo spawn rate limit, more holograms, faster EGP update timing, more EGP objects, etc.).
Only having implemented these narrow, specific restrictions, E2 on our server is still prone to abuse. One can abuse E2 on our server with relative ease. This is partially due to the fact that E2 is abusable at its core, but is also due to our efforts to keep E2 as permissive as possible.
Typically, most servers manage this abuse potential by rank-restricting the E2 tool to something like Regular+. Another thing that some servers do is restrict or limit each function independently.
We hate both of these options. We think it alienates new players and prevents them from having fun on our server. It pushes away those who like to primarily use E2, and that's the last thing we want. We want CFC to be a haven of E2 development, and we want everyone to feel that they're able to easily start (or continue) messing around with E2.
To this end, we've settled on an option that we believe reaches as close to an even compromise as possible.
What is Responsible Record Keeping?
Our Responsible Record Keeping Policy (referred to as the RRKP, or simply Record Keeper) is a custom-made system to gather and keep records of E2s spawned in our server.
The Responsible Record Keeping Policy was put in place to address the challenge of combating E2 abuse and has been active since June 27th, 2018.
This system will allow us to quickly respond to reports of E2 abuse in the server. If a report comes through about E2 abuse, this system allows us to reference the E2 records for the reported player and determine if they truly did spawn an abusive E2.
How does the RRKP work?
Every time an E2 is spawned on CFC, the system will queue it up to be recorded. Once the E2 reaches the front of the queue, the code is encrypted, compressed, and then sent off to an external server which is owned by CFC.
Once it reaches our server, the data goes through a few verification checks to ensure that the data made it to us as we expect. After the data has been verified, it's then saved to the player's folder (the folder's name is the player's steam id).
Once saved, the only data stored in plaintext is the E2's Name, the time the E2 was spawned (in unix timestamp format), and the player's Steam ID. The actual code would need to be decompressed and decrypted before it could be viewed.
Each file saved only has a 30 day lifetime on the server. This means that all files will be automatically deleted after 30 days (+/- 24 hours). Players may request to be excluded from this auto-deletion if they would like us to keep their E2s and act as a sort of backup service. Players can request to be sent all of their saved E2s at any time. Similarly, players can request that any code older than 7 days be deleted (on-demand only).
The external server, which houses the E2 records, is owned by us and hosted by a small, reputable company run by a network security engineer. He's always on top of the latest exploits. He alerted me of Heartbleed before I had heard of it in the news and such. The only people with access to this server are Phatso (Brandon, CFC Owner) and iLikeYoBraids (Justin, who co-owned our first game community, and has been actively developing/administrating for CFC over the last few years.) I won't disclose too much, but please be assured that we've taken many, near-excessive measures to ensure this server's security.
Why was RRKP implemented?
Look, I love E2. I've made hundreds of neat, interesting, and fun E2s over my GMod career. Justin and I are programmers in real life; we don't want your code. We don't want to steal it, we don't want to even look at it unless an E2-relevant report is issued. This system was not put in place with the intention of stealing or distributing your intellectual property. I promise, you have my word that this system is, and will only ever be used for good.
This system was put in place purely to combat E2 abuse. We've already caught an E2 abuser who used a malicious E2 to crash the server. I've already submitted a patch to Wiremod to resolve this exploit and ensure it can't be used anywhere else. This is extremely valuable because we're able to make E2 safer as a whole, on every server.
This system enables us to take an offensive stance against E2 abuse, instead of a defensive, reactionary-only stance.
With this article, we hope that we've answered any question you may have, and we hope we've addressed all of the important points.
We've explained the problem to you, we've told you what our solution was, we explained to you exactly how the solution works, we assured you of our intentions, and hopefully we've given you confidence that your data is being handled in a respectful, responsible manner.
It's worth remembering that storing or "skimming" E2s doesn't require some crazy complicated solution. It's very simple to write every spawned E2 to a local on-server file. Very trivial, in fact. So trivial that it's in your best interest to assume that every server is stealing your E2s. We could have always read your E2s while an admin was in the server using built-in E2 tools, this is simply a tool that allows us to address incidents that have already occurred.
If you have any more questions or concerns, please bring them up directly with me, or in the #wiremod-discussion channel in our Discord. I'm happy to talk at length with you about any concerns, worries, questions, or suggestions that you may have.