RealID has to be one of the dumbest things ever.
The actual Real ID implementation is dumber than the RealID concept.
The fact that it is possible for a malicious addon to determine what your First/Last Name is even if you do not otherwise use the feature is flat out inexcusable.
The root cause of this problem is that you are implicitly a valid RealID whisper candidate. Thus with clever use of BNSendWhisper(idx, msg) an addon can pull your name out of the outgoing/incoming chat whisper.
A simple example of this:
Code:
/run BNSendWhisper(BNGetInfo(),"RealID whisper from yourself..");
_BNIsNotSelf/BNIsNotSelfTest.lua contains sample code that would be similar to what is used in an actual "malicious" addon. (Hide what you are doing from the user, an example of "light" obfuscation that would hide it from grep)
What BNIsNotSelf does is attempt to work around this by:
Changing BNSendWhisper(idx, msg) to complain loudly if an attempt is made to whisper yourself via RealID (Error message + Stack trace).
If someone else has replaced "BNSendWhisper" before the addon is loaded, an error message will be displayed when the addon is loaded.
Caveats:
* The amount of protection it can provide is strictly dependent on load order. The actual addon is named "_BNIsNotSelf" in an attempt to avoid this issue out of the box for most environments. If "_BNIsNotSelf" is not at the top of the addon list, or load order ends up placing other things before it, it will complain once on load time, and give a list of addons that could potentially have worked around what protection I can provide. For guaranteed results
_BNIsNotSelf MUST BE THE FIRST ADDON LOADED.