A fairly popular custom launcher project for Minecraft has capsized after a maintainer purged the project’s other developers for “promoting radicalist leftist queer ideology,” GamingOnLinux reports. With the project under their exclusive control, the hijacker is now free to push any update they like without oversight, including malicious code.
The project, PolyMC, bills itself as a Minecraft launcher focused on “predictability, long term stability and simplicity”. Its purpose is to provide users with an easy means to manage multiple different installs of Minecraft on a single machine, each with its own unique constellation of mods, resources, and settings. Following yesterday’s purge, current PolyMC users are being urged by the Minecraft modding community to stop using the launcher immediately.
Unfortunate but urgent announcement to make.If you use PolyMC as your launcher, we are urging all users to switch off of it immediately. Not tomorrow, today. The main keyholder for PolyMC’s infrastructure has been compromised.October 17, 2022
It’s not entirely clear which supposed act of “leftist queer ideology” set off the bizarre coup in the first place. The project update that accompanied the purge—named “reclaim polymc from the leftoids“—did only one thing: Delete the project’s code of conduct, which contained provisions aimed at protecting project users and participants from transphobic, homophobic, and racist abuse.
Those provisions certainly seem like the kind of thing that might enrage someone with reactionary politics, but the code of conduct has existed for months. There are even records from May of the dev who just hijacked the project arguing for removing the clauses that explicitly protect people on the basis of things like gender identity and sexual orientation, rather than unilaterally deleting it outright. It’s unclear what, if anything, has led the dev in question to torpedo the project in the last few days.
It was originally assumed that the hijacker’s account had itself been hacked by someone with a far-right axe to grind, but a message signed with the dev’s PGP signature states they aren’t compromised.
Since cutting their fellow devs out of the project, the hijacker has taken to Discord to assure panicked users that, “despite what you think about [them] personally,” they have no intention of introducing malware into PolyMC. Of course, if they did decide to inject malicious code, there wouldn’t be anybody left to stop them. It’s better to be safe than sorry in this instance and stop using PolyMC altogether.
The hijacker also says they are currently “seeing if anyone is interested in contributing” to the project. I guess they’re an optimist.
It’s not all bad news for PolyMC fans, though. Since yesterday’s drama, the evicted devs have regrouped under the moniker PrismLauncher. There’s not much in the way of an official statement from them regarding PolyMC yet, save for a request that fans don’t bother people involved with the project. With any luck, PolyMC users will be able to transition smoothly over to the new project without too much hassle. PrismLauncher is yet to get fully up and running, but the team has a Discord server you can follow for updates.