TotalFreedom has had a long history of exploits being used both maliciously and harmlessly.

2014

Invalid Flower

Invalid Flower was an exploit discovered in early 2014 for Minecraft 1.7.x that crashed players who attempted to render a nonexistent variant of a flower. This exploit was maliciously used to crash players' clients and prevent them from joining the server.

2022

Worldcom

Worldcom was an exploit discovered in August 2022 that allowed players to obtain the player data of any entity in the same world as them. The exploit worked by abusing the lack of a distance check in the "Query Entity Tag" packet.

Video created a fork of EpsilonBot to use the exploit to collect consenting player's in-game coordinates every few seconds and store them in a PostgreSQL database, with the ultimate goal being to find builds to independently archive.