Gildfesh
Assigned
Reported
Comments
I think it is understood that this is the intended behaviour of the feature, the problem is that the intended behaviour seems inherently flawed and exploitable by a malicious server.
Yes, if someone realises that their message is being modified, they will probably not want to play on that server anymore but by the time they realise the message they sent has been modified, it is likely too late. If a malicious server owner was to make an innocent player say incredibly vulgar, disgusting and potentially illegal things, the innocent player is now responsible for those words despite not actually meaning to say them solely because their message will be signed.
You also haven't really addressed the fact that people will type messages based on muscle memory or that if someone is focussed on typing a longer message, they may not even notice that certain words in the message have been changed. You might personally proofread every single message you send in game but that is certainly not the case for many people.
Obviously as someone not working at Mojang, I don't have access to the absolute latest information about the report system but as the system is in the latest prerelease, you could have a completely innocent player sending messages that could be reported by every other player in the server and because of the level of the stuff said, may lead to them being banned.
We understand that if you type really fast it will show that there was tampering, the problem is that this solution isn't good enough.
Imagine the average computer user, pecking at their keyboard one key at a time, not looking at the screen because they don't know how to touch type. All it takes is for them to wait the slightest bit too long to hit enter for their message to be manipulated and signed. I'd even argue this directly harms children who are the major target for this report system to protect. Kids are easily manipulated onto another server and are less likely to be capable typists than adults that have spent their entire life at a computer which means they specifically are more vulnerable than other people.
This also doesn't address if someone was to type out a long message and have the message hijacked in a similar way to what is demonstrated in the "bee" video. Humans are really bad when it comes to misdirection (so bad in fact that there is an entire industry around it called "Magic").
Why should a message be signed if it has been manipulated at all? Even by an innocent server using the feature as intended? Signatures are supposed to be verification that the person did in fact send what they sent but in this case there is a non-zero chance that what they sent and what was typed are entirely different.
My solution would be to force the client to sign that the message has been in fact modified (perhaps even including the original text) or to simply not sign messages that have been modified by someone that isn't the one typing it since that undermines the entire point of a signature system in the first place.
I will also add that no amount of time is enough to delay the signing. Someone could easily type out a message, get called to do something then return and hit enter right away without thinking about it.