Pages: 1 2 3 4 5 6 7 :: [one page] |
|
Author |
Thread Statistics | Show CCP posts - 8 post(s) |
Thomas Alva Edison
Center for Advanced Studies Gallente Federation
2
|
Posted - 2011.09.20 14:37:00 -
[1] - Quote
hi !
Just recently i stumbled on the site: http://evewho.com The project itself is a good idea, but it is showing more than i want to show to the public.
For start, i don't want to show to the public the members from my corporation ! Random Example: http://evewho.com/corp/Zerg+Hatchery
Is there a setting from the API where i can disable a such thing ? Is there an action i can take against showing the members of my corporation ? Ain't it against the privacy of a corporation ?
As a disclaimer, it states:
Quote:All numbers based to known characters and may differ from in game values. All characters found by scavengin killboards, eve-search, and finding holes in character id sequence data and filling them.
Now i know for sure some characters do not appear on any existing killboard, but it appears on this site.
Can something be done ? |
Nyio
Federal Navy Academy Gallente Federation
98
|
Posted - 2011.09.20 14:47:00 -
[2] - Quote
Yes, great site. I hope it's here to stay and grow. Features & Ideas Discussion: Agent Finder, Black Holes Needs a banner here.. |
Efraya
10
|
Posted - 2011.09.20 14:47:00 -
[3] - Quote
All of the information gathered on that website is a collection of information that is already publicly visible, he's just been clever in scraping the kill boards and compiling that list.
WSpace; Best space. |
Nikkov
Kai-Zen inc.
0
|
Posted - 2011.09.20 14:59:00 -
[4] - Quote
Efraya wrote:All of the information gathered on that website is a collection of information that is already publicly visible, he's just been clever in scraping the kill boards and compiling that list.
How can the information be public, ie: Killboards, when alts are being shown that have never undicked from station? |
Thorn Galen
The Scope Gallente Federation
9
|
Posted - 2011.09.20 14:59:00 -
[5] - Quote
Very good site, decent information! Keep it going.
(This space for rent) |
Myxx
Atropos Group
53
|
Posted - 2011.09.20 15:00:00 -
[6] - Quote
evewho is awesome and I personally have been using it for my own needs. I think its great seeing the members of a corp shown in public like that. |
Ciar Meara
Virtus Vindice
103
|
Posted - 2011.09.20 15:00:00 -
[7] - Quote
Indeed, the maker could keep it open or sell information based on his machine, or do both with private acces.
In any case it is a usefull tool. - [img]http://go-dl1.eve-files.com/media/corp/janus/ceosig.jpg[/img] [yellow]English only please. Zymurgist[/yellow] |
Shionoya Risa
The Xenodus Initiative.
46
|
Posted - 2011.09.20 15:02:00 -
[8] - Quote
Nikkov wrote:Efraya wrote:All of the information gathered on that website is a collection of information that is already publicly visible, he's just been clever in scraping the kill boards and compiling that list.
How can the information be public, ie: Killboards, when alts are being shown that have never undicked from station?
Because he has been guessing ID's from the api. Not really what I'd called public per se.
Quote:and finding holes in character id sequence data and filling them.
|
Ya Huei
Imperial Collective
5
|
Posted - 2011.09.20 15:03:00 -
[9] - Quote
By posting it on this forum you made more people aware of this site. very smart.
|
Kitty McKitty
In Praise Of Shadows
100
|
Posted - 2011.09.20 15:06:00 -
[10] - Quote
macro to gain advantage etc. "Why can't I be different and original, like everybody else?" |
|
Prince Kobol
41
|
Posted - 2011.09.20 15:13:00 -
[11] - Quote
Ya Huei wrote:By posting it on this forum you made more people aware of this site. very smart.
By making it a website it is public for EVERYONE on the internet
luddite |
Grey Stormshadow
Starwreck Industries
110
|
Posted - 2011.09.20 15:16:00 -
[12] - Quote
Nikkov wrote:Efraya wrote:All of the information gathered on that website is a collection of information that is already publicly visible, he's just been clever in scraping the kill boards and compiling that list.
How can the information be public, ie: Killboards, when alts are being shown that have never undicked from station?
Perhaps you have posted to forums with them or your eve gate settings have been allowing some inspection for a while... There are plenty of places where sites like this could catch the data... Try googling your alts name. Forum fix for firefox and chrome Get working images and colored text Classic forum style 2.25final |
Tippia
Sunshine and Lollipops
171
|
Posted - 2011.09.20 15:18:00 -
[13] - Quote
Nikkov wrote:How can the information be public, ie: Killboards, when alts are being shown that have never undicked from station? Because they appear in other stats and data feeds, e.g. as corp founders/CEOs, or in market logs. GÇöGÇöGÇö GÇ£If you're not willing to fight for what you have in GëívGëí you don't deserve it, and you will lose it.GÇ¥ GÇö Karath Piki-á |
Zagam
Incompertus INC Fatal Ascension
87
|
Posted - 2011.09.20 15:25:00 -
[14] - Quote
Hiding that info defeats the purpose of the entire site.
I think a better question to ask is:
Why is it so important that the info is hidden? |
Shionoya Risa
The Xenodus Initiative.
46
|
Posted - 2011.09.20 15:27:00 -
[15] - Quote
Zagam wrote: Why is it so important that the info is hidden?
Apart from the massive intel boost it gives? |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 15:34:00 -
[16] - Quote
Tippia wrote:Nikkov wrote:How can the information be public, ie: Killboards, when alts are being shown that have never undicked from station? Because they appear in other stats and data feeds, e.g. as corp founders/CEOs, or in market logs.
Nope. I have an alt which I created to sort of hold a name I use in other games. That alt has done nothing - ever. Never undocked, never bought anything, never traded, trained, posted on forums - nothing. In fact I've never told anyone the alt existed until now.
He's on an account which has only disclosed the limited API to Evemon and EFT.
So I'm sort of curious how that has happened. |
malaire
41
|
Posted - 2011.09.20 15:38:00 -
[17] - Quote
Thomas Alva Edison wrote:Is there a setting from the API where i can disable a such thing ? Employment history of each character is public information. If the name of the character can be found somewhere, then it can be linked to its corporation(s).
To keep your character name private:
- Do not post on forums
- Do not appear on any killboard
- Do not buy/sell anything on market
- Do not show up in Local anywhere
- Do not chat with anyone in EVE
- Do not send evemail to anyone
- ...
Whenever you do any of the above, someone can see your character name, and that person can submit it to sites like http://evewho.com. I remember one site which gave some reward for each new character submitted there, I don't know if http://evewho.com does this also.
So in short, there is no real way to keep your character name and its corporation(s) private. Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
Vincent Athena
V.I.C.E.
40
|
Posted - 2011.09.20 15:40:00 -
[18] - Quote
We just had a faildec war and used Evewho to see who was in the other corp. The dec started with the other corp containing 2 pilots. During the war 3 more joined. This allowed me to see how long it takes Evewho to find the new members: 12 to 48 hours.
I'm wondering if corps will start having members drop and re-join corp over and over to spoof the Evewho data. CCP employees should never proclaim a feature to be awesome. Only subscribers should. |
Adrenaline Reaper
Hard Rock Mining Co. Territorial Claim Unit
1
|
Posted - 2011.09.20 15:43:00 -
[19] - Quote
The site works by guessing character ids, http://wiki.eve-id.net/APIv2_Eve_CharacterInfo_XML
You can query some data on the API without supplying a key, just like you can search and view someone's corp history in game.
The site is 100% legit, the guy who made it has made a very clever use of the API tools available to everyone, there is nothing stopping you collecting all the info ingame if you wanted, it would just take considerable time |
Miilla
Hulkageddon Orphanage
52
|
Posted - 2011.09.20 15:44:00 -
[20] - Quote
Kill boards are wildly inaccurate for depending information. I for one don't keep one but it exists because of the kills OTHER players post, however, still an incomplete and unreliable source of information, for example, I swear I have lost many more Cheetahs than it shows.
|
|
Azitek
Astrum Tech
0
|
Posted - 2011.09.20 15:47:00 -
[21] - Quote
Othran wrote:so unless you can tell the characters on an account which you don't have the limited API key for, its leaked from one of them.
This is exactly what he's doing: creating a program that guesses massive amounts API keys. When it happens on one that's in use, it records what it finds. No leaks needed, just some dedicated CPU power. |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 15:49:00 -
[22] - Quote
Azitek wrote:Othran wrote:so unless you can tell the characters on an account which you don't have the limited API key for, its leaked from one of them. This is exactly what he's doing: creating a program that guesses massive amounts API keys. When it happens on one that's in use, it records what it finds. No leaks needed, just some dedicated CPU power.
Ta - I understand now. Shouldn't have expected anything else from CCP mmm? |
Miilla
Hulkageddon Orphanage
52
|
Posted - 2011.09.20 15:49:00 -
[23] - Quote
Azitek wrote:Othran wrote:so unless you can tell the characters on an account which you don't have the limited API key for, its leaked from one of them. This is exactly what he's doing: creating a program that guesses massive amounts API keys. When it happens on one that's in use, it records what it finds. No leaks needed, just some dedicated CPU power.
So if he is abusing the API, and attempting to scan it for API keys, then he should be banned according to the rules no?
|
Adrenaline Reaper
Hard Rock Mining Co. Territorial Claim Unit
1
|
Posted - 2011.09.20 15:52:00 -
[24] - Quote
Azitek wrote:Othran wrote:so unless you can tell the characters on an account which you don't have the limited API key for, its leaked from one of them. This is exactly what he's doing: creating a program that guesses massive amounts API keys. When it happens on one that's in use, it records what it finds. No leaks needed, just some dedicated CPU power.
He is not cracking the API keys, that would not be allowed as you have effectively hacked someone's account. But you are on the right lines, he is just guessing char ids and seeing if they work, its not even that compute intensive. |
Miilla
Hulkageddon Orphanage
52
|
Posted - 2011.09.20 15:56:00 -
[25] - Quote
Adrenaline Reaper wrote:Azitek wrote:Othran wrote:so unless you can tell the characters on an account which you don't have the limited API key for, its leaked from one of them. This is exactly what he's doing: creating a program that guesses massive amounts API keys. When it happens on one that's in use, it records what it finds. No leaks needed, just some dedicated CPU power. He is not cracking the API keys, that would not be allowed as you have effectively hacked someone's account. But you are on the right lines, he is just guessing char ids and seeing if they work, its not even that compute intensive.
Scanning the API's by brute force SCRAPING DATA.
Reported for abuse and hacking :)
I wondered why the API was taking longer, it is probably him scanning it.
|
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 15:57:00 -
[26] - Quote
I think this requires fixing. Its ludicrous that its possible to datamine in this manner.
What on earth was the designer thinking?
Edit - change API such that a call without limited API key returns no data. Isn't that the logical default? |
malaire
41
|
Posted - 2011.09.20 16:00:00 -
[27] - Quote
Practical example how this might be done:
1) get few character names (e.g. malaire, Miilla, Adrenaline Reaper) 2) use API to get characterIDs of those character (e.g. this link for those 3 characters) *) malaire = 1628541932, Miilla = 1365934490, Adrenaline Reaper = 916738779 4) use those IDs to get character information (malaire info, Miilla info, Adrenaline Reaper info) 5) try other characterIDs close to those you know to find unknown characters: 916738780, 916738781, 916738782 (no luck here, all of these are invalid IDs) Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
malaire
41
|
Posted - 2011.09.20 16:02:00 -
[28] - Quote
Othran wrote:I think this requires fixing. Its ludicrous that if you can present a user ID and no key then you get the characters on that account returned.
Its beyond ludicrous in fact - its incompetence. It doesn't work like that, see my example above. You can just get information for single character (not account) when you guess characterID of that character.
Also, that characterID is NOT same as userID used with old API keys. Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 16:06:00 -
[29] - Quote
malaire wrote:Othran wrote:I think this requires fixing. Its ludicrous that its possible to datamine in this manner.
What on earth was the designer thinking? It doesn't work like that, see my example above. You can just get information for single character (not account) when you guess characterID of that character.
Yeah and that's fine - from your example you are required to know the name of the char to get the charID, no problem with that at all.
Doing it the reverse way, randomly trying charID to get a result - no, I'm not at all happy with that. Its ****-poor design. |
Tippia
Sunshine and Lollipops
171
|
Posted - 2011.09.20 16:25:00 -
[30] - Quote
GǪon the other hand, if he was just scraping characterIDs, there shouldn't be so many characters missing. GÇöGÇöGÇö GÇ£If you're not willing to fight for what you have in GëívGëí you don't deserve it, and you will lose it.GÇ¥ GÇö Karath Piki-á |
|
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 16:33:00 -
[31] - Quote
Tippia wrote:GǪon the other hand, if he was just scraping characterIDs, there shouldn't be so many characters missing.
Doesn't matter whether he's scraping or guessing.
Any system which confirms or refutes the existence of a user (or character in this case) by providing a user id of some description but no key/pw is broken beyond belief.
What's more, the designer who thought that would be OK is quite clearly not competent.
Its absolutely ****-poor design, appallingly bad.
There's nothing else to be said Tippia - there's no good reason for this API behaviour. None. |
Adrenaline Reaper
Hard Rock Mining Co. Territorial Claim Unit
1
|
Posted - 2011.09.20 16:38:00 -
[32] - Quote
Othran wrote:Tippia wrote:GǪon the other hand, if he was just scraping characterIDs, there shouldn't be so many characters missing. Doesn't matter whether he's scraping or guessing. Any system which confirms or refutes the existence of a user (or character in this case) by providing a user id of some description but no key/pw is broken beyond belief. What's more, the designer who thought that would be OK is quite clearly not competent. Its absolutely ****-poor design, appallingly bad. There's nothing else to be said Tippia - there's no good reason for this API behaviour. None.
The whole point of the API is to provide the same data you can get ingame, but accessible to other applications. You can check the corp of each char manually ingame, so why should you not be able to do it on a website? |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 16:44:00 -
[33] - Quote
Adrenaline Reaper wrote:The whole point of the API is to provide the same data you can get ingame, but accessible to other applications. You can check the corp of each char manually ingame, so why should you not be able to do it on a website?
So he's doing it all manually?
Pull the other one, it has bells on it.
The point is that this ISN'T MANUALLY OBTAINED INFO. Its obtained through "guessing" (yeah right) charID keys and seeing whether you guess right - and with over 2 million characters on there (supposedly) there is no way its not automated.
Needs fixing and I sadly agree with Milla - ban is in order in this case.
Edit - let him guess the character names mmm? That'd be fair. Of course nobody in their right mind is going to do that.
Edit2 - he's scraping Tippia. Too many characters that I know of who have been inactive from 2003/2004 show up there for it to be anything else. |
Tippia
Sunshine and Lollipops
171
|
Posted - 2011.09.20 16:49:00 -
[34] - Quote
Adrenaline Reaper wrote:The whole point of the API is to provide the same data you can get ingame, but accessible to other applications. You can check the corp of each char manually ingame, so why should you not be able to do it on a website? Not quite. The point is that this behaviour can provide data that isn't available otherwise.
For instance, if you do not know that a character exists, you cannot find it in-game nor can you discover who's in those "unknown" corp slots; using the charID and API calls, you can discover its existence and tie it back to the corp that way.
SLOPS has four members; three are easily divined by looking at the corp info. The fourth is not since he's been hiding fairly well (and he isn't even on evewho as far as I can tell), and there is no way to ferret him out by going on an Info-screen trek. However, guess his characterID, and he'll pop up, and information that is not otherwise available will be revealed. GÇöGÇöGÇö GÇ£If you're not willing to fight for what you have in GëívGëí you don't deserve it, and you will lose it.GÇ¥ GÇö Karath Piki-á |
Messoroz
AQUILA INC
10
|
Posted - 2011.09.20 16:53:00 -
[35] - Quote
I'm surprised the site hasnt been blacklisted from the API for brute forcing the character IDs. |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 16:56:00 -
[36] - Quote
Messoroz wrote:I'm surprised the site hasnt been blacklisted from the API for brute forcing the character IDs.
I don't think he is - I think he's scraping a range +/- on each character found on other sites or obtained from local (I can see a macro working VERY well here).
Definitely deserves the banstick though - and this needs changing ASAP, as does the dev who thought this was OK |
Nyio
Federal Navy Academy Gallente Federation
99
|
Posted - 2011.09.20 16:59:00 -
[37] - Quote
This thread is now called: Geniuses Speculating .. Features & Ideas Discussion: Agent Finder, Black Holes Needs a banner here.. |
Miilla
Hulkageddon Orphanage
52
|
Posted - 2011.09.20 17:16:00 -
[38] - Quote
WIN for PRIVACY LEAKS!
Go CCP! |
Zagam
Incompertus INC Fatal Ascension
87
|
Posted - 2011.09.20 17:20:00 -
[39] - Quote
Shionoya Risa wrote:Zagam wrote: Why is it so important that the info is hidden?
Apart from the massive intel boost it gives? To both sides.
Evewho can be used against you, or it can be used for you. I've been on both sides of it.
|
Miilla
Hulkageddon Orphanage
52
|
Posted - 2011.09.20 17:22:00 -
[40] - Quote
So what was the point of having API Keys controlled by the CUSTOMER if it is being leaked all over the API surface.
|
|
Ni Cho
Eternity INC. Goonswarm Federation
0
|
Posted - 2011.09.20 17:23:00 -
[41] - Quote
Nikkov wrote:Efraya wrote:All of the information gathered on that website is a collection of information that is already publicly visible, he's just been clever in scraping the kill boards and compiling that list.
How can the information be public, ie: Killboards, when alts are being shown that have never undicked from station?
Haha, you said undicked... |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 17:26:00 -
[42] - Quote
Given the amount of idiots who have account and character names the same it looks quite useful for a bit of brute forcing/social engineering accounts too.
So who's the muppet designer who ****** this up? |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:27:00 -
[43] - Quote
Othran wrote:Given the amount of idiots who have account and character names the same it looks quite useful for a bit of brute forcing/social engineering accounts too.
So who's the muppet designer who ****** this up?
"Stay the course!"
|
malaire
41
|
Posted - 2011.09.20 17:31:00 -
[44] - Quote
Tippia wrote:For instance, if you do not know that a character exists, you cannot find it in-game nor can you discover who's in those "unknown" corp slots; using the charID and API calls, you can discover its existence and tie it back to the corp that way. You can find it in-game, you can search by partial character name and try to find there "hidden" characters. Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:32:00 -
[45] - Quote
Remember that Eve Developer Licensing a while back?
This guy is just going to screw it up for all the developers such as myself by now making the reality of Authorised Application Keys to being enforced on all API consuming Apps so CCP can identify applications that abuse the API and block them out.
|
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:33:00 -
[46] - Quote
malaire wrote:Tippia wrote:For instance, if you do not know that a character exists, you cannot find it in-game nor can you discover who's in those "unknown" corp slots; using the charID and API calls, you can discover its existence and tie it back to the corp that way. You can find it in-game, you can search by partial character name and try to find there "hidden" characters.
But then you actually have to log in and PLAY EVE.
This guy is bascially MACROING :)
|
malaire
41
|
Posted - 2011.09.20 17:36:00 -
[47] - Quote
Miilla wrote:This guy is bascially MACROING :)
So what? Macroing outside EVE Client, using external applications and API, is allowed. Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:39:00 -
[48] - Quote
malaire wrote:Miilla wrote:This guy is bascially MACROING :)
So what? Macroing outside EVE, using external applications and API is allowed.
Abuse of API is against the rules, causing a detrimental affect on the servers or game.
Infact you will see that there is a cache time on the server API responses, he is not adhering to that most likely.
In EveMon you will also see that there is a delay on the calling of API's, to reduded load on the server.
He most likely is not doing that.
|
|
CCP Navigator
C C P C C P Alliance
97
|
Posted - 2011.09.20 17:40:00 -
[49] - Quote
I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. CCP Navigator - Lead Community Representative |
|
Nyio
Federal Navy Academy Gallente Federation
99
|
Posted - 2011.09.20 17:40:00 -
[50] - Quote
@Miilla
Perhaps spend less time on these forums and more time actually making something. Just a thought. Features & Ideas Discussion: Agent Finder, Black Holes Needs a banner here.. |
|
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 17:43:00 -
[51] - Quote
CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API information and will continue to do so.
Ummm no. As I said earlier I have a character who has never done anything. No information was "posted publically" at all.
The fact that the API calls confirm or refute the existence of a character based on a random charID suggests you're running damage control here Spitfire. I would strongly suggest you don't.
Any system which confirms or refutes the existence of a user (or character) based on the user (char) ID and no key/pw is broken.
Simple as. |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:44:00 -
[52] - Quote
CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so.
So it is ok to scan the API?
CONFIRMED, get those API scanners going people |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:46:00 -
[53] - Quote
Eve API is as secure as their email petition link replying system.
You can reply to ANY other person's petition IF you can guess the date and ID. I reported this one many times. Fell on deaf ears.
No authentication required. |
malaire
41
|
Posted - 2011.09.20 17:46:00 -
[54] - Quote
Othran wrote:Ummm no. As I said earlier I have a character who has never done anything. No information was "posted publically" at all. Has he ever said anything in Local? Is he visible in Local?
If yes, then someone might've spotted him and posted to website like evewho. Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
Ejit
STD contractors
4
|
Posted - 2011.09.20 17:48:00 -
[55] - Quote
My wife has threatened me with this on more than one occasion
|
|
CCP Navigator
C C P C C P Alliance
97
|
Posted - 2011.09.20 17:48:00 -
[56] - Quote
Miilla wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. So it is ok to scan the API? CONFIRMED, get those API scanners going people
I suggest you refrain from confirming anything. the details of what is allowed with the EVE API is decided by the developers who work on that code.
CCP Navigator - Lead Community Representative |
|
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 17:50:00 -
[57] - Quote
malaire wrote:Othran wrote:Ummm no. As I said earlier I have a character who has never done anything. No information was "posted publically" at all. Has he ever said anything in Local? Is he visible in Local? If yes, then someone might've spotted him and posted to website like evewho.
Nope.
He was created and logged off. Hasn't been used for anything other than an Evemon template after that. Never been logged on since.
Sooo how is he there if its not scraping +/- on other characters?
2 mill characters - wow that's a lot of "guessing". |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:52:00 -
[58] - Quote
CCP Navigator wrote:Miilla wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. So it is ok to scan the API? CONFIRMED, get those API scanners going people I suggest you refrain from confirming anything. the details of what is allowed with the EVE API is decided by the developers who work on that code.
This guy is obviously scraping the API charID's, that is scanning the API parameters.
YOU said he had done nothing "illegal".
Is it allowed or not?
Your post said it was. |
|
CCP Stillman
C C P C C P Alliance
59
|
Posted - 2011.09.20 17:55:00 -
[59] - Quote
Miilla wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. So it is ok to scan the API? CONFIRMED, get those API scanners going people I just want to clarify:
We have very clear policies about what's allowed and not. As you will know, we will throttle invalid calls, as we do not allow throwing 10 million random IDs at the API and hoping they return data.
Scraping through characterIDs hoping to hit a valid one is NOT allowed. Doing so will get your IP blocked from the API. But if you do valid calls because you know it's a valid ID is fine. But generating excess errors will get your IP blocked.
Associate QA Tester for Team EVESec. |
|
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:58:00 -
[60] - Quote
CCP Stillman wrote:Miilla wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. So it is ok to scan the API? CONFIRMED, get those API scanners going people I just want to clarify: We have very clear policies about what's allowed and not. As you will know, we will throttle invalid calls, as we do not allow throwing 10 million random IDs at the API and hoping they return data. Scraping through characterIDs hoping to hit a valid one is NOT allowed. Doing so will get your IP blocked from the API. But if you do valid calls because you know it's a valid ID is fine. But generating excess errors will get your IP blocked.
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if an error is generated. |
|
malaire
41
|
Posted - 2011.09.20 17:59:00 -
[61] - Quote
Other site, EVE Central Intelligence, collected 3.9 million valid characterIDs without using characterID guessing.
Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
|
CCP Stillman
C C P C C P Alliance
59
|
Posted - 2011.09.20 18:00:00 -
[62] - Quote
Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls Associate QA Tester for Team EVESec. |
|
Zaraki Kenpachi
Republic Military School Minmatar Republic
0
|
Posted - 2011.09.20 18:01:00 -
[63] - Quote
oh boy.. surprised to find some of my alt ... they never did **** but here they are
I'll just leave the disclaimer of evewho here :
Quote: All numbers based on known characters and may differ from in game values. All characters found by scavenging killboards, eve-search, and finding holes in character id sequence data and filling them.
now what..? |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:02:00 -
[64] - Quote
CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls
Do you consider it good design that the API confirms or refutes the existence of a character ID without a key?
Edit - and I could distribute requests all over the place, as could LOTS of Eve players. You going to check the error rate over what (for example) is the known PL IP addresses? No of course you're not. NB-not suggesting PL are involved, but I know you guys log all your IP addresses on comms/forums/etc hence the example. |
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:02:00 -
[65] - Quote
CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls
So spread them over multiple proxies, API calls are lightweight on a proxy/VPN.
The API can be called from Amazon's Elastic Cloud VM's :) |
Messoroz
AQUILA INC
10
|
Posted - 2011.09.20 18:02:00 -
[66] - Quote
CCP Stillman wrote:Miilla wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. So it is ok to scan the API? CONFIRMED, get those API scanners going people I just want to clarify: We have very clear policies about what's allowed and not. As you will know, we will throttle invalid calls, as we do not allow throwing 10 million random IDs at the API and hoping they return data. Scraping through characterIDs hoping to hit a valid one is NOT allowed. Doing so will get your IP blocked from the API. But if you do valid calls because you know it's a valid ID is fine. But generating excess errors will get your IP blocked.
But they had to scrape, they have npc corp alts never even logged into listed that should otherwise not exist. Unless they got access to an set of api keys from other sources they shouldnt have. |
|
CCP Stillman
C C P C C P Alliance
59
|
Posted - 2011.09.20 18:05:00 -
[67] - Quote
Othran wrote:CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls Do you consider it good design that the API confirms or refutes the existence of a character ID without a key? The fact it doesn't require a key is an issue in the original design we wanted to changed for the Incarna release, but wasn't done soon enough.
We're of course concerned with backwards compatibility, and doing such changes late in the development cycle would not be good.
But then again, a key is very easy to get hold of. Associate QA Tester for Team EVESec. |
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:06:00 -
[68] - Quote
Are you going to require that applications be "authorised" by some kind of unique APP certificate so you can tell which apps are putting what loading on the servers etc?
|
|
CCP Stillman
C C P C C P Alliance
59
|
Posted - 2011.09.20 18:07:00 -
[69] - Quote
Miilla wrote:CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls So spread them over multiple proxies, API calls are lightweight on a proxy/VPN. What you're pointing to is an inherent issue with the internet: Anonymity.
The developer license, as discussed at fanfest, was one aspect of ensuring that any traffic can always be tracked back to a developer. But of course, there were some fundamental issues with that system, as I'm sure we all remember. But we of course want to keep people responsible if they're abusing the API service. And we do so, on a regular basis. If people abuse the characterInfo/CharacterName calls, then they WILL feel the consequences Associate QA Tester for Team EVESec. |
|
okst666
Not Solitude Again Chained Reactions
2
|
Posted - 2011.09.20 18:08:00 -
[70] - Quote
I think this service is perfect.
please make a button to extract the date and automagically paste it into eveclient, and set given corpmembers to -10 and check that little notification when they go on/offline.
It would also be quite usefull to know where those people are at any moment.
[X] < Nail here for new monitor |
|
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:08:00 -
[71] - Quote
CCP Stillman wrote:Othran wrote:CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls Do you consider it good design that the API confirms or refutes the existence of a character ID without a key? The fact it doesn't require a key is an issue in the original design we wanted to changed for the Incarna release, but wasn't done soon enough. We're of course concerned with backwards compatibility, and doing such changes late in the development cycle would not be good. But then again, a key is very easy to get hold of.
Would you like to stop with weasel words?
Its appallingly bad design practice is it not? The fact you seem to consider it acceptable makes me wonder what else in your infrastructure you consider acceptable.
So when will it be fixed?
|
|
CCP Stillman
C C P C C P Alliance
59
|
Posted - 2011.09.20 18:08:00 -
[72] - Quote
Miilla wrote:Are you going to require that applications be "authorised" by some kind of unique APP certificate so you can tell which apps are putting what loading on the servers etc?
I can't speak in certain terms, as the plans aren't done at this point. But does it make sense to me? Yes. Associate QA Tester for Team EVESec. |
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:10:00 -
[73] - Quote
How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.
If they have a valid reason to query the API, they would have a key.
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:11:00 -
[74] - Quote
CCP Stillman wrote:Miilla wrote:Are you going to require that applications be "authorised" by some kind of unique APP certificate so you can tell which apps are putting what loading on the servers etc?
I can't speak in certain terms, as the plans aren't done at this point. But does it make sense to me? Yes.
Which would also allow the API to be load balanced based on app and also a SHARDED API by having a "Pro" level developer license with "enhanced APIs" and a "FREE" API license with minimal APIs
Which would also make App certificate/key hijacking a reality to deny authorised apps access by abusing a "lock out" mechanism. |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:11:00 -
[75] - Quote
Miilla wrote:How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.
If they have a valid reason to query the API, they would have a key.
Agreed.
For any character-specific query a key should be mandatory. |
Leona Elum
Save Jita
0
|
Posted - 2011.09.20 18:12:00 -
[76] - Quote
CCP Stillman wrote:generating excess errors will get your IP blocked.
I can confirm this to be true, and also say that it is VERY VERY hard to get it unblocked again. In my case it was excessively updating of a "scammer list", in combination with bad settings in Excel that did the trick.
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:14:00 -
[77] - Quote
Leona Elum wrote:CCP Stillman wrote:generating excess errors will get your IP blocked. I can confirm this to be true, and also say that it is VERY VERY hard to get it unblocked again. In my case it was excessively updating of a "scammer list", in combination with bad settings in Excel that did the trick.
Which is a concern as I am on a mobile internet and many times the API calls fail or partially completed due to connection drop outs.
That wasnt for Save jita was it? lol at least put a picture of a hulk contract that I sold for lulz. PS: Im never in jita. |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:19:00 -
[78] - Quote
Leona Elum wrote:CCP Stillman wrote:generating excess errors will get your IP blocked. I can confirm this to be true, and also say that it is VERY VERY hard to get it unblocked again. In my case it was excessively updating of a "scammer list", in combination with bad settings in Excel that did the trick.
This is likely to become more of a problem soon(ish). Reason being its quite likely that as IPv6 (finally) gets introduced in Europe/North America its more likely that all the legacy IPv4 modem/routers consumers have will be proxied through a gateway.
For anyone in the UK, all your mobile phone stuff works like this - its all proxied and logged due to rules about under 18s, more to do with contracts than morality IMHO ;) |
|
CCP Stillman
C C P C C P Alliance
59
|
Posted - 2011.09.20 18:19:00 -
[79] - Quote
Othran wrote:CCP Stillman wrote:Othran wrote:CCP Stillman wrote:Miilla wrote:
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if you see 2 or 3 errors.
Nice try. But no. Just doing simple valid calls won't make us forget that you just did 3 bad calls Do you consider it good design that the API confirms or refutes the existence of a character ID without a key? The fact it doesn't require a key is an issue in the original design we wanted to changed for the Incarna release, but wasn't done soon enough. We're of course concerned with backwards compatibility, and doing such changes late in the development cycle would not be good. But then again, a key is very easy to get hold of. Would you like to stop with weasel words? Its appallingly bad design practice is it not? The fact you seem to consider it acceptable makes me wonder what else in your infrastructure you consider acceptable. So when will it be fixed? I'm not saying it's acceptable. I'm saying that it's how the API was originally designed and that changing that shouldn't be done over night, as we don't want to break applications from functioning. We want to give people a heads up and make sure they can adjust their applications in time before a such change hits. Doing so in the Incarna patch would be too many changes at once.
I can't confirm exactly when we'd deploy a such change. But I'll have a talk with Elerhino and see what we can do. Associate QA Tester for Team EVESec. |
|
malaire
41
|
Posted - 2011.09.20 18:19:00 -
[80] - Quote
Othran wrote:Miilla wrote:How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.
If they have a valid reason to query the API, they would have a key.
Agreed. For any character-specific query a key should be mandatory. What would it change? Just create any key and use it to obtain information about all the characters whose charaterID you know. Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
|
Squizz Caphinator
Woopatang
9
|
Posted - 2011.09.20 18:20:00 -
[81] - Quote
Hi guys, thanks for checking out EveWho. I was asked to come here and clarify a couple of things.
1) I am NOT scraping the API. 2) All information I've retrieved is publicly available somewhere. 3) I am NOT scraping the API.
I am well aware of CCP's policies per using the API and I have no intention of abusing them. I built the initial database by getting a character dump from Eve-Kill, scraping some forums, scraping a few hundred other killboards, and from a couple of donations of character name lists.
I am NOT scraping the API.
I built this site by using resources available to everyone. That includes you. I saw another site similar to EveWho a few months ago and thought I could do a better job. I believe I did. If you think you can do a better job, you just might be able to do so :)
I am NOT scraping the API.
Once again let me restate that I am not scraping the API. I might cause an error or two every few minutes but no where near enough to get myself Scotty'ed or even banned. I like getting along with Scotty anyway.
I am NOT scraping the API.
Please continue to enjoy EveWho for good or bad, whichever you prefer.
Fly dangerous, Squizz http://evewho.com - Alliance and Corporation Member Listings http://evechatter.com - Free Alliance and Corporation forums for all. |
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:21:00 -
[82] - Quote
Othran wrote:Leona Elum wrote:CCP Stillman wrote:generating excess errors will get your IP blocked. I can confirm this to be true, and also say that it is VERY VERY hard to get it unblocked again. In my case it was excessively updating of a "scammer list", in combination with bad settings in Excel that did the trick. This is likely to become more of a problem soon(ish). Reason being its quite likely that as IPv6 (finally) gets introduced in Europe/North America the more likely that all the legacy modems/routers consumers have will be proxied through a gateway. For anyone in the UK, all your mobile phone stuff works like this - its all proxied and logged due to rules about under 18s, more to do with contracts than morality IMHO ;)
All ISP's are gateways.
It says I am in A location but infact i am hundreds of miles away from that location.
All ISP's cache (Squid most likely) and log and route out, not just mobiles.
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:23:00 -
[83] - Quote
Squizz Caphinator wrote:Hi guys, thanks for checking out EveWho. I was asked to come here and clarify a couple of things.
1) I am NOT scraping the API. 2) All information I've retrieved is publicly available somewhere. 3) I am NOT scraping the API.
I am well aware of CCP's policies per using the API and I have no intention of abusing them. I built the initial database by getting a character dump from Eve-Kill, scraping some forums, scraping a few hundred other killboards, and from a couple of donations of character name lists.
I am NOT scraping the API.
I built this site by using resources available to everyone. That includes you. I saw another site similar to EveWho a few months ago and thought I could do a better job. I believe I did. If you think you can do a better job, you just might be able to do so :)
I am NOT scraping the API.
Once again let me restate that I am not scraping the API. I might cause an error or two every few minutes but no where near enough to get myself Scotty'ed or even banned. I like getting along with Scotty anyway.
I am NOT scraping the API.
Please continue to enjoy EveWho for good or bad, whichever you prefer.
Fly dangerous, Squizz
Provide an opt out mechanism and you wont be ganked non stop in game.
EveWho-Squizz Caphinator-A-GEDDON! Comming SOON!
Quote: Once again let me restate that I am not scraping the API. I might cause an error or two every few minutes but no where near enough to get myself Scotty'ed or even banned. I like getting along with Scotty anyway.
Then you should get ZERO ERRORS if you are calling with VALID parameters. |
Jack bubu
GK inc. Pandemic Legion
12
|
Posted - 2011.09.20 18:26:00 -
[84] - Quote
oh my, Miilla **** posting, thats something new |
Nyio
Federal Navy Academy Gallente Federation
100
|
Posted - 2011.09.20 18:26:00 -
[85] - Quote
Squizz Caphinator wrote:Hi guys, thanks for checking out EveWho. I was asked to come here and clarify a couple of things.
1) I am NOT scraping the API. 2) All information I've retrieved is publicly available somewhere. 3) I am NOT scraping the API.
I am well aware of CCP's policies per using the API and I have no intention of abusing them. I built the initial database by getting a character dump from Eve-Kill, scraping some forums, scraping a few hundred other killboards, and from a couple of donations of character name lists.
I am NOT scraping the API.
I built this site by using resources available to everyone. That includes you. I saw another site similar to EveWho a few months ago and thought I could do a better job. I believe I did. If you think you can do a better job, you just might be able to do so :)
I am NOT scraping the API.
Once again let me restate that I am not scraping the API. I might cause an error or two every few minutes but no where near enough to get myself Scotty'ed or even banned. I like getting along with Scotty anyway.
I am NOT scraping the API.
Please continue to enjoy EveWho for good or bad, whichever you prefer.
Fly dangerous, Squizz
Thanks for the great site, keep up the good work!
Features & Ideas Discussion: Agent Finder, Black Holes Needs a banner here.. |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:26:00 -
[86] - Quote
CCP Stillman wrote: I'm not saying it's acceptable. I'm saying that it's how the API was originally designed and that changing that shouldn't be done over night, as we don't want to break applications from functioning. We want to give people a heads up and make sure they can adjust their applications in time before a such change hits. Doing so in the Incarna patch would be too many changes at once.
I can't confirm exactly when we'd deploy a such change. But I'll have a talk with Elerhino and see what we can do.
Thank you for your honesty.
You are aware of how this makes you guys look - time after time its some other nonsense from someone who CLEARLY should not be doing the role. This example is so basic it makes me cringe and I'm a h/w engineer.
Anyway it needs sorting ASAP so whatever can be done to escalate a review of API calls which return character data with no key would be appreciated. |
KaarBaak
26
|
Posted - 2011.09.20 18:26:00 -
[87] - Quote
OP: did you check API call logs? Mine show two hits every day from an IP that is part of a block assigned in China.
|
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:27:00 -
[88] - Quote
Squizz Caphinator wrote:Hi guys, thanks for checking out EveWho. I was asked to come here and clarify a couple of things.
1) I am NOT scraping the API. 2) All information I've retrieved is publicly available somewhere. 3) I am NOT scraping the API.
I am well aware of CCP's policies per using the API and I have no intention of abusing them. I built the initial database by getting a character dump from Eve-Kill, scraping some forums, scraping a few hundred other killboards, and from a couple of donations of character name lists.
I am NOT scraping the API.
I built this site by using resources available to everyone. That includes you. I saw another site similar to EveWho a few months ago and thought I could do a better job. I believe I did. If you think you can do a better job, you just might be able to do so :)
I am NOT scraping the API.
Once again let me restate that I am not scraping the API. I might cause an error or two every few minutes but no where near enough to get myself Scotty'ed or even banned. I like getting along with Scotty anyway.
I am NOT scraping the API.
Please continue to enjoy EveWho for good or bad, whichever you prefer.
Fly dangerous, Squizz
Bullshit. |
malaire
41
|
Posted - 2011.09.20 18:27:00 -
[89] - Quote
Squizz Caphinator wrote:I am NOT scraping the API. So what does this mean then (I added underlining)
Quote: All numbers based on known characters and may differ from in game values. All characters found by scavenging killboards, eve-search, and finding holes in character id sequence data and filling them.
Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:31:00 -
[90] - Quote
Miilla wrote:Othran wrote:Leona Elum wrote:CCP Stillman wrote:generating excess errors will get your IP blocked. I can confirm this to be true, and also say that it is VERY VERY hard to get it unblocked again. In my case it was excessively updating of a "scammer list", in combination with bad settings in Excel that did the trick. This is likely to become more of a problem soon(ish). Reason being its quite likely that as IPv6 (finally) gets introduced in Europe/North America the more likely that all the legacy modems/routers consumers have will be proxied through a gateway. For anyone in the UK, all your mobile phone stuff works like this - its all proxied and logged due to rules about under 18s, more to do with contracts than morality IMHO ;) All ISP's are gateways. It says I am in A location but infact i am hundreds of miles away from that location. All ISP's cache (Squid most likely) and log and route out, not just mobiles.
Nope. Mobile companies in the UK proxy your internet access via a gateway. Your mobile has a valid local IP address (eg 10.x.x.x) but it has no routable IP address other than via the gateway. The upshot being all requests come from the same IP address. |
|
Karbowiak
Sniggerdly Pandemic Legion
14
|
Posted - 2011.09.20 18:31:00 -
[91] - Quote
Squizz is using the EVSCO API proxy, and if ur interested in knowing numbers and statistics on the EVE API as we see it, have at it! ;)
EVE API errors (how many errors we generate a day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example))
http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_errors_php.html
EVE API requests (How many requests we do each day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_requests_php.html
and if you want more stats then take a look here: http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve%20api and http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve-kill
CCP are also welcome to keep a look at it, im sure you can use it for something.
also, <3 Squizz |
Squizz Caphinator
Woopatang
9
|
Posted - 2011.09.20 18:33:00 -
[92] - Quote
malaire wrote:Squizz Caphinator wrote:I am NOT scraping the API. So what does this mean then (I added underlining) Quote: All numbers based on known characters and may differ from in game values. All characters found by scavenging killboards, eve-search, and finding holes in character id sequence data and filling them.
I have two characters ID's, 1 and 3. I know with absolute certainty that 2 is a character id. I fetch it.
Pretty simple really :) http://evewho.com - Alliance and Corporation Member Listings http://evechatter.com - Free Alliance and Corporation forums for all. |
KaarBaak
26
|
Posted - 2011.09.20 18:34:00 -
[93] - Quote
KaarBaak wrote: OP: did you check API call logs? Mine show two hits every day from an IP that is part of a block assigned in China.
These two IPs make calls at the exact same time every day:
222.63.187.102 (Beijing?) 80.52.150.214 (Poland?)
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:34:00 -
[94] - Quote
Karbowiak wrote:Squizz is using the EVSCO API proxy, and if ur interested in knowing numbers and statistics on the EVE API as we see it, have at it! ;) EVE API errors (how many errors we generate a day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_errors_php.htmlEVE API requests (How many requests we do each day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_requests_php.htmland if you want more stats then take a look here: http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve%20apiand http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve-killCCP are also welcome to keep a look at it, im sure you can use it for something. also, <3 Squizz
So IF we use EVSCO API proxy to generate a large number of errors, EVSCO API proxy gets the IP blocked.
|
malaire
41
|
Posted - 2011.09.20 18:41:00 -
[95] - Quote
Squizz Caphinator wrote:malaire wrote:Squizz Caphinator wrote:I am NOT scraping the API. So what does this mean then (I added underlining) Quote: All numbers based on known characters and may differ from in game values. All characters found by scavenging killboards, eve-search, and finding holes in character id sequence data and filling them.
I have two characters ID's, 1 and 3. I know with absolute certainty that 2 is a character id. I fetch it. Pretty simple really :) How do you know with absolute certainty that 2 is characterID, if you have never seen that characterID anywhere? Even if it might seem certain that it really is characterID, you really are doing API scraping by checking it if you have never seen it anywhere before.
Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
Jack bubu
GK inc. Pandemic Legion
12
|
Posted - 2011.09.20 18:43:00 -
[96] - Quote
KaarBaak wrote:KaarBaak wrote: OP: did you check API call logs? Mine show two hits every day from an IP that is part of a block assigned in China.
These two IPs make calls at the exact same time every day: 222.63.187.102 (Beijing?) 80.52.150.214 (Poland?) I dont get this at all, only the calls i make via EFT or the daily check my alliance services do on my corporation status.
are you sure its not something similar for you aswell? |
Karbowiak
Sniggerdly Pandemic Legion
14
|
Posted - 2011.09.20 18:46:00 -
[97] - Quote
Miilla wrote:Karbowiak wrote:Squizz is using the EVSCO API proxy, and if ur interested in knowing numbers and statistics on the EVE API as we see it, have at it! ;) EVE API errors (how many errors we generate a day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_errors_php.htmlEVE API requests (How many requests we do each day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_requests_php.htmland if you want more stats then take a look here: http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve%20apiand http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve-killCCP are also welcome to keep a look at it, im sure you can use it for something. also, <3 Squizz So IF we use EVSCO API proxy to generate a large number of errors, EVSCO API proxy gets the IP blocked. That is doable yes, but we have our own mechanism to block people who do many errors, and its more aggressive than anything you'd ever want to know about.
Plus it doesn't just ban you from the api proxy, also eve-kill and a whole slew of other stuff ;) Also saying how many errors a minute you have to generate to get into the "you're out" zone wouldn't be in my own interest.
That said, you trying to get the EVSCO API banned by CCP, wouldn't be in anyones interest, since without it - EVE-KILL wouldn't recieve any mails via the API.
At which point, you hunting Squizz around ingame will be the least of your troubles :D |
Lady Zarrina
Republic Military School Minmatar Republic
10
|
Posted - 2011.09.20 18:47:00 -
[98] - Quote
So the guys who think they have super secret toons were probably sooo smart they entered that toon name into the search window? I wonder how they figured that name out. Allocate resources to FiS |
Nyio
Federal Navy Academy Gallente Federation
100
|
Posted - 2011.09.20 18:50:00 -
[99] - Quote
Miilla wrote:So IF we use EVSCO API proxy to generate a large number of errors, EVSCO API proxy gets the IP blocked.
I'd like to think that the proxy would never send a bad request to the EVE servers.. Features & Ideas Discussion: Agent Finder, Black Holes Needs a banner here.. |
malaire
41
|
Posted - 2011.09.20 18:51:00 -
[100] - Quote
EDIT: removed my alarmist question about EVEMon. I just misread. Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
|
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 18:54:00 -
[101] - Quote
malaire wrote:Karbowiak wrote:Squizz is using the EVSCO API proxy, ... quite a few people who use our API proxy for various things (evemon for example)) So let me get this straight: Every bit of data I fetch with EVEMon, is fetched via service provided by EVSCO? So EVSCO gets to see everything I see via EVEMon and also keeps that data cached Maybe it's time to stop using EVEMon then.. I never knew about such caching being used...
Yeah classic MAN IN THE MIDDLE sniffing :)
EVSCO probably have everybodies API Keys and Char IDs
LOL
Best scam ever. |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 18:56:00 -
[102] - Quote
Oh what a surprise - hi2u for all the PL people coming to defend it.
Shurely shome shurprise ;) |
Karbowiak
Sniggerdly Pandemic Legion
14
|
Posted - 2011.09.20 18:57:00 -
[103] - Quote
malaire wrote:Karbowiak wrote:Squizz is using the EVSCO API proxy, ... quite a few people who use our API proxy for various things (evemon for example)) So let me get this straight: Every bit of data I fetch with EVEMon, is fetched via service provided by EVSCO? So EVSCO gets to see everything I see via EVEMon and also keeps that data cached Maybe it's time to stop using EVEMon then.. I never knew about such caching being used...
No, EVEMon accesses the EVE API directly, but you can tell EVEMon to use a proxy from the settings.. Some people have decided to do this, cause the CCP API doesn't cache results, and give back the cached results upon new requests within the timeout time.
Our API proxy however does return the data, and it keeps returning it - right until the timeout is reached, then you can get it from the CCP API once again. |
Zangorus
Targeted Aggression
513
|
Posted - 2011.09.20 19:00:00 -
[104] - Quote
who gives a **** Like my comment and recieve 1 million isk ingame! |
Elise Randolph
Habitual Euthanasia Pandemic Legion
12
|
Posted - 2011.09.20 19:09:00 -
[105] - Quote
PL spy network revealed !! |
Kitty McKitty
In Praise Of Shadows
113
|
Posted - 2011.09.20 19:13:00 -
[106] - Quote
No results for the sphere. "Why can't I be different and original, like everybody else?" |
Zirise
Dreddit Test Alliance Please Ignore
52
|
Posted - 2011.09.20 19:22:00 -
[107] - Quote
Spherehax, APIhax, too much hax. |
Ladie Scarlet
GoonWaffe Goonswarm Federation
102
|
Posted - 2011.09.20 19:34:00 -
[108] - Quote
Nikkov wrote:undicked from station Heh
The artist formerly known as Ladie Scarlet. |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 20:29:00 -
[109] - Quote
Elise Randolph wrote:PL spy network revealed !!
Once the API fail was explained to me I figured you guys would have been doing it for a while. Nice that you all popped around so fast when it was mentioned ;) If nothing else it might educate people as to "who's who" with OOG services.
Still epic design fail from CCP though - makes me wonder wtf their internal "secure" systems are like. |
Denidil
The Graduates Morsus Mihi
94
|
Posted - 2011.09.20 20:47:00 -
[110] - Quote
Squizz Caphinator wrote:malaire wrote:Squizz Caphinator wrote:I am NOT scraping the API. So what does this mean then (I added underlining) Quote: All numbers based on known characters and may differ from in game values. All characters found by scavenging killboards, eve-search, and finding holes in character id sequence data and filling them.
I have two characters ID's, 1 and 3. I know with absolute certainty that 2 is a character id. I fetch it. Pretty simple really :)
i think that qualifies as scrapping there champ
enjoy your podkills. WiS is kinda cool and all, but FiS is more important.-á More FIS WORK! Nerf Supers, get the new backgrounds, buff assault ships, do the 0.0 balance, buff lowsec. and make a space pony! DUST SHOULD BE ON THE PC (a real platform!) GDI! I WILL NOT BUY A FQNG PS3 |
|
Karbowiak
Sniggerdly Pandemic Legion
14
|
Posted - 2011.09.20 20:49:00 -
[111] - Quote
Othran wrote:Elise Randolph wrote:PL spy network revealed !! Once the API fail was explained to me I figured you guys would have been doing it for a while. Nice that you all popped around so fast when it was mentioned ;) If nothing else it might educate people as to "who's who" with OOG services. Still epic design fail from CCP though - makes me wonder wtf their internal "secure" systems are like.
Im wondering what you are talking about. But then i realized, you have nothing to say, other than completely ******** bullshit.
But yeah, if you get off believing that PL is the masters of EVE, and has a hand in everything in EVE, then be my guest - i wont stop you. |
Zenith Intaki
Federal Defence Union Gallente Federation
11
|
Posted - 2011.09.20 21:03:00 -
[112] - Quote
Thomas Alva Edison wrote:hi ! Just recently i stumbled on the site: http://evewho.comThe project itself is a good idea, but it is showing more than i want to show to the public. For start, i don't want to show to the public the members from my corporation ! Random Example: http://evewho.com/corp/Zerg+HatcheryIs there a setting from the API where i can disable a such thing ? Is there an action i can take against showing the members of my corporation ? Ain't it against the privacy of a corporation ? As a disclaimer, it states: Quote:All numbers based to known characters and may differ from in game values. All characters found by scavengin killboards, eve-search, and finding holes in character id sequence data and filling them. Now i know for sure some characters do not appear on any existing killboard, but it appears on this site. Can something be done ?
Nice fog of war, immersion, what ever you call it, it's gone.
There is no element of surprise what so ever in EVE.
That's why 0.0 warfare sucks so badly. Have sex, it's fun! |
Joyana Dakota
Z3R0 RETURN MINING INC. Rura-Penthe
0
|
Posted - 2011.09.20 21:08:00 -
[113] - Quote
I'm sorry but this website is breaking some rules in one form or another since I just created a new Corporation yesterday on an alt and it's already showing up on the website, I have never given my API away and I have never conducted any sort of PvP with that character so the information is not coming from random killboard information.
This should be illegal ! |
Denidil
The Graduates Morsus Mihi
94
|
Posted - 2011.09.20 21:11:00 -
[114] - Quote
Karbowiak wrote:Squizz is using the EVSCO API proxy, and if ur interested in knowing numbers and statistics on the EVE API as we see it, have at it! ;) EVE API errors (how many errors we generate a day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_errors_php.htmlEVE API requests (How many requests we do each day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_requests_php.htmland if you want more stats then take a look here: http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve%20apiand http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve-killCCP are also welcome to keep a look at it, im sure you can use it for something. also, <3 Squizz
so i have an alt that created a corp two days ago.. she has engaged in zero PVP activities... how does he have this info?
is he getting people's API info off of EVESCO?
because if he is i have a couple keys to go invalidate....
[edit]
fack it.. i just invalidated the keys i issued to EVESCO/my alliance killboard. WiS is kinda cool and all, but FiS is more important.-á More FIS WORK! Nerf Supers, get the new backgrounds, buff assault ships, do the 0.0 balance, buff lowsec. and make a space pony! DUST SHOULD BE ON THE PC (a real platform!) GDI! I WILL NOT BUY A FQNG PS3 |
Denidil
The Graduates Morsus Mihi
94
|
Posted - 2011.09.20 21:13:00 -
[115] - Quote
Squizz Caphinator wrote:....
tell us how you acquired API keys (other than your invalid generating keys)? WiS is kinda cool and all, but FiS is more important.-á More FIS WORK! Nerf Supers, get the new backgrounds, buff assault ships, do the 0.0 balance, buff lowsec. and make a space pony! DUST SHOULD BE ON THE PC (a real platform!) GDI! I WILL NOT BUY A FQNG PS3 |
Akirei Scytale
14
|
Posted - 2011.09.20 21:19:00 -
[116] - Quote
Prince Kobol wrote:Ya Huei wrote:By posting it on this forum you made more people aware of this site. very smart.
By making it a website it is public for EVERYONE on the internet luddite availability =/= exposure. |
Karbowiak
Sniggerdly Pandemic Legion
14
|
Posted - 2011.09.20 21:21:00 -
[117] - Quote
Denidil wrote:Karbowiak wrote:Squizz is using the EVSCO API proxy, and if ur interested in knowing numbers and statistics on the EVE API as we see it, have at it! ;) EVE API errors (how many errors we generate a day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_errors_php.htmlEVE API requests (How many requests we do each day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_requests_php.htmland if you want more stats then take a look here: http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve%20apiand http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve-killCCP are also welcome to keep a look at it, im sure you can use it for something. also, <3 Squizz so i have an alt that created a corp two days ago.. she has engaged in zero PVP activities... how does he have this info? is he getting people's API info off of EVESCO? because if he is i have a couple keys to go invalidate.... [edit] fack it.. i just invalidated the keys i issued to EVESCO/my alliance killboard.
wow..
He isn't using any API keys from EVSCO/EVE-KILL for this you moron. He uses the very publicly available CCP API, where he takes the pilot external id, looks at the ID numbers, sees that there is an ID range, say 1000 to 1200, logic dictates that there must be something between 1000 and 1200, which is 199 pilots - so he tries all 199 IDs, and gets lucky..
It's common sense, your fear mongering is only making you look like an idiot.. *sigh* |
Kitty McKitty
In Praise Of Shadows
113
|
Posted - 2011.09.20 21:24:00 -
[118] - Quote
Denidil wrote:tell us how you acquired API keys (other than your invalid generating keys)?
You can generate Invalids? This explains the majority of the forum community. "Why can't I be different and original, like everybody else?" |
Denidil
The Graduates Morsus Mihi
94
|
Posted - 2011.09.20 21:28:00 -
[119] - Quote
Karbowiak wrote:Denidil wrote:Karbowiak wrote:Squizz is using the EVSCO API proxy, and if ur interested in knowing numbers and statistics on the EVE API as we see it, have at it! ;) EVE API errors (how many errors we generate a day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_errors_php.htmlEVE API requests (How many requests we do each day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_requests_php.htmland if you want more stats then take a look here: http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve%20apiand http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve-killCCP are also welcome to keep a look at it, im sure you can use it for something. also, <3 Squizz so i have an alt that created a corp two days ago.. she has engaged in zero PVP activities... how does he have this info? is he getting people's API info off of EVESCO? because if he is i have a couple keys to go invalidate.... [edit] fack it.. i just invalidated the keys i issued to EVESCO/my alliance killboard. wow.. He isn't using any API keys from EVSCO/EVE-KILL for this you moron. He uses the very publicly available CCP API, where he takes the pilot external id, looks at the ID numbers, sees that there is an ID range, say 1000 to 1200, logic dictates that there must be something between 1000 and 1200, which is 199 pilots - so he tries all 199 IDs, and gets lucky.. It's common sense, your fear mongering is only making you look like an idiot.. *sigh*
reading comprehension. try it sometime.
i asked you.
then i decided that either way i'd invalidate that key (security: assume breach first, ask questions later). it's not like i cannot issue another if i desire.
WiS is kinda cool and all, but FiS is more important.-á More FIS WORK! Nerf Supers, get the new backgrounds, buff assault ships, do the 0.0 balance, buff lowsec. and make a space pony! DUST SHOULD BE ON THE PC (a real platform!) GDI! I WILL NOT BUY A FQNG PS3 |
Karbowiak
Sniggerdly Pandemic Legion
14
|
Posted - 2011.09.20 21:29:00 -
[120] - Quote
Denidil wrote:Karbowiak wrote:Denidil wrote:Karbowiak wrote:Squizz is using the EVSCO API proxy, and if ur interested in knowing numbers and statistics on the EVE API as we see it, have at it! ;) EVE API errors (how many errors we generate a day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_errors_php.htmlEVE API requests (How many requests we do each day, this is for both EVE-KILL, EVEWho, EVEChatter and quite a few people who use our API proxy for various things (evemon for example)) http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/eveapi_requests_php.htmland if you want more stats then take a look here: http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve%20apiand http://91.215.157.114/munin/eureka.evsco.net/ronon.eureka.evsco.net/index.html#eve-killCCP are also welcome to keep a look at it, im sure you can use it for something. also, <3 Squizz so i have an alt that created a corp two days ago.. she has engaged in zero PVP activities... how does he have this info? is he getting people's API info off of EVESCO? because if he is i have a couple keys to go invalidate.... [edit] fack it.. i just invalidated the keys i issued to EVESCO/my alliance killboard. wow.. He isn't using any API keys from EVSCO/EVE-KILL for this you moron. He uses the very publicly available CCP API, where he takes the pilot external id, looks at the ID numbers, sees that there is an ID range, say 1000 to 1200, logic dictates that there must be something between 1000 and 1200, which is 199 pilots - so he tries all 199 IDs, and gets lucky.. It's common sense, your fear mongering is only making you look like an idiot.. *sigh* reading comprehension. try it sometime. i asked you. then i decided that either way i'd invalidate that key (security: assume breach first, ask questions later). it's not like i cannot issue another if i desire.
You should just tell me what your IP is so i can ban you, so we can get it over with.. Seems like a much better option
|
|
Denidil
The Graduates Morsus Mihi
94
|
Posted - 2011.09.20 21:37:00 -
[121] - Quote
Karbowiak wrote:
You should just tell me what your IP is so i can ban you, so we can get it over with.. Seems like a much better option
or you can grow up and stop acting like a ***** about someone asking you if you've been sharing keys.
i guess your immature behavior has determined whether or not i'll be issuing anything on eve-kill a new key. WiS is kinda cool and all, but FiS is more important.-á More FIS WORK! Nerf Supers, get the new backgrounds, buff assault ships, do the 0.0 balance, buff lowsec. and make a space pony! DUST SHOULD BE ON THE PC (a real platform!) GDI! I WILL NOT BUY A FQNG PS3 |
Herbstleyd
Atrocity.
0
|
Posted - 2011.09.20 21:38:00 -
[122] - Quote
EveWho.com - Atrocity endorsedGäó
Dec plox. |
Peter Powers
FinFleet Raiden.
14
|
Posted - 2011.09.20 22:44:00 -
[123] - Quote
Joyana Dakota wrote:I'm sorry but this website is breaking some rules in one form or another since I just created a new Corporation yesterday on an alt and it's already showing up on the website, I have never given my API away and I have never conducted any sort of PvP with that character so the information is not coming from random killboard information.
This should be illegal !
You put in the corp name to the search box and send it to the server, server makes request to eve api, asking the api to give the corporation id for the corporation name
(public API, as it should be, without it and its reverse it would be *impossible* to compare api style killmails with killmail style killmails for example).
with that information he then knows that the corporation exists, now its quite simple to find it ingame through the search, or for Squizz_Cs app the API the public information of the corp like.. founder, ceo, description text...
this is neither a new functionality nor worth the outrage, all those information Squizz_C uses are information that are essential to build 3rd party applications, and none of it reveals any damn secret.
You don't want anyone to know that a corp 'exists'? don't create it.
An existing Corporation is a corporation, that means it is in some sort of corporate register, which usually is public, you can not create a corporation and expect no one to know about it, its legally not a corporation if its not in such register. |
Arkady Sadik
Gradient Electus Matari
44
|
Posted - 2011.09.20 22:46:00 -
[124] - Quote
Our forums currently authenticate using the CharacterInfo call. We require an API key for the initial authentication, but once we have established that the forum account is indeed belonging to the same person as the API key holder, we do not need the API key anymore - we can simply call CharacterInfo and see if they're still in the alliance.
Likewise, there are lists like the FacWarTopStats that give you characterID but no further information about them. We use CharacterInfo to check which corp these people belong to. This is very useful as well.
Please do not remove this functionality. It's really, really useful. |
Morganta
Peripheral Madness The Midget Mafia
39
|
Posted - 2011.09.20 23:04:00 -
[125] - Quote
Miilla wrote:How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.
If they have a valid reason to query the API, they would have a key.
this is how it should be
The American public's reaction to the change was poor and the new cola was a major marketing failure. The subsequent reintroduction of Coke's original formula, re-branded as "Coca-Cola Classic", resulted in a significant gain in sales, leading to speculation that the introduction of the New Coke formula was just a marketing ploy |
Miilla
Hulkageddon Orphanage
54
|
Posted - 2011.09.20 23:10:00 -
[126] - Quote
CCP Stillman wrote:Miilla wrote:Are you going to require that applications be "authorised" by some kind of unique APP certificate so you can tell which apps are putting what loading on the servers etc?
I can't speak in certain terms, as the plans aren't done at this point. But does it make sense to me? Yes.
So a likely future direction of the Eve API.
1) Paid for license App certificate / key to allow full access API's or perhaps priority queued and full query capabilities
2) Free license App certificate / key to allow basic API's and perhaps a slower secondary priority access, after paid for apps have got their share of calls completed and perhaps even limited in number of queries or time between queries.
I can see managing those app certificates being very messy, especially when those certs have been compromised, and they will, if there is a tiered API service. |
seany1212
The Scowling Men The Laughing Men
2
|
Posted - 2011.09.20 23:21:00 -
[127] - Quote
Karbowiak wrote: That said, you trying to get the EVSCO API banned by CCP, wouldn't be in anyones interest, since without it - EVE-KILL wouldn't recieve any mails via the API.
At which point, you hunting Squizz around ingame will be the least of your troubles :D
This **** just got real
|
Peter Powers
FinFleet Raiden.
14
|
Posted - 2011.09.20 23:27:00 -
[128] - Quote
Morganta wrote:Miilla wrote:How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.
If they have a valid reason to query the API, they would have a key.
this is how it should be thats not how it can or should work, there are information that *need* to be public available which will lead to some things exposed - for once that is the ID to name conversion.
if i have the name "Peter Powers" and i want to display the character portrait for example i need to be able to find the ID 179004085 somehow, otherwise i cannot show character pictures in my application.
Now for some use cases that might sound irrelevant, but if i have a software like a killboard for example, i really want those portraits there.
something similar goes for corporations, to display the logo of a corporation, i need to be able to retrieve the corporation information, since those contain the data needed to display the logo (or the corp description, or the ceo's name, or any other random public information).
Without all those information you end up with pretty horrible looking third party tools that have a horrible usability, rather than the rich and colorfull environment of tools and ideas put to tools you have nowadays.
And honestly, let me assure you that the API exposes no intel with any real meaning without a proper API key; and that eve-who, as nice as it is has a pretty limited set of data available compared to what some alliances / corps have in tools that dont even use the EVE API.
|
seany1212
The Scowling Men The Laughing Men
2
|
Posted - 2011.09.20 23:50:00 -
[129] - Quote
Peter Powers wrote:Morganta wrote:Miilla wrote:How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.
If they have a valid reason to query the API, they would have a key.
this is how it should be thats not how it can or should work, there are information that * need* to be public available which will lead to some things exposed - for once that is the ID to name conversion. if i have the name "Peter Powers" and i want to display the character portrait for example i need to be able to find the ID 179004085 somehow, otherwise i cannot show character pictures in my application. Now for some use cases that might sound irrelevant, but if i have a software like a killboard for example, i really want those portraits there. something similar goes for corporations, to display the logo of a corporation, i need to be able to retrieve the corporation information, since those contain the data needed to display the logo (or the corp description, or the ceo's name, or any other random public information). Without all those information you end up with pretty horrible looking third party tools that have a horrible usability, rather than the rich and colorfull environment of tools and ideas put to tools you have nowadays. And honestly, let me assure you that the API exposes no intel with any real meaning without a proper API key; and that eve-who, as nice as it is has a pretty limited set of data available compared to what some alliances / corps have in tools that dont even use the EVE API.
Agreeing with Peter Powers on this situation and confirming theres too many whiney bitches in this game. Dont want your character to be known, dont create one. Simple. |
Guillame Herschel
NME1
1
|
Posted - 2011.09.20 23:54:00 -
[130] - Quote
CCP Stillman wrote:Scraping through characterIDs hoping to hit a valid one is NOT allowed. Doing so will get your IP blocked from the API. But if you do valid calls because you know it's a valid ID is fine. But generating excess errors will get your IP blocked.
It is trivial to avoid any IP-based blockade. Your API is broken. That is the problem. That you can close one barn door after one horse has gotten out is beside the point.
|
|
Shionoya Risa
The Xenodus Initiative.
46
|
Posted - 2011.09.21 00:12:00 -
[131] - Quote
Right, new alt created and logged off before anything loaded. If this character appears on EVEWho, something is clearly not right. |
Mehrdad Kor-Azor
Iure Divino
33
|
Posted - 2011.09.21 00:23:00 -
[132] - Quote
Big Brother is watching. |
Kronus Heilgar
Dark Orbit Media
2
|
Posted - 2011.09.21 01:07:00 -
[133] - Quote
Bahaha I love how this website gets the rage thread, but I didn't get any when I released my earlier version of the same thing a couple months ago (EVE Central Intelligence)
I know he's not scraping the API with random guesses so you can all stop bitching about that (you'd be amazed how fast the CCP API folks can go get that banhammer). He's in bed with EVSCO / eve-kill, so he gets every character name from every kill that goes through there, and probably also uses the API keys eve-kill users have given to get names from wallet transactions. In addition, the new RSS feed for the forums makes it easy to scrape those too.
So it's not against CCP regulations. But it's definitely an abuse of the API keys people have trusted to EVSCO / eve-kill.
After building an initial database it's quite the chain effect, you can see every corp the characters have been in, then see the CEO's of each of those corps, then see the corps that those CEO's have been in, and so on. All chat logs are automatically saved, so he can process those (just stay logged in while sitting in Jita and the noob systems).
So grow up. It's not going to change now. Best thing you can do is go change all your API keys. |
Simetraz
State War Academy Caldari State
54
|
Posted - 2011.09.21 05:45:00 -
[134] - Quote
Kronus Heilgar wrote:Bahaha So grow up. It's not going to change now. Best thing you can do is go change all your API keys.
Change your API keys and don't give out. That means no killboards, evemon, etc etc etc.
It was only a matter of time before someone put all this information together.
Be thankful they don't list the ISK in your account and what skill your training as well.
By the way I find it interesting that it is illegal to list NPC corp members but not player corps.
Capitals (Balancing and Roles) |
Sable Blitzmann
Massively Dynamic Reverberation Project
13
|
Posted - 2011.09.21 05:58:00 -
[135] - Quote
I find it funny that people are getting up in arms about people knowing what corp they're in. It's a video game, people, privacy laws don't come into effect with virtual people. Don't like it? Don't play the game (I'm looking at you Miilla) |
Xercodo
Xovoni Directorate
57
|
Posted - 2011.09.21 06:04:00 -
[136] - Quote
My first thought is "They can just show info on you in-game and know what corp your in anyway...." The Drake is a Lie |
Arkady Sadik
Gradient Electus Matari
45
|
Posted - 2011.09.21 08:00:00 -
[137] - Quote
The only people this is actually useful for are smaller groups in high/low-sec for war decs, so they can identify and hunt targets. Every halfway competent group did create member lists of their targets anyhow, this site makes that process much easier - a bit annoying, because it takes away some of the edge some groups have.
On the other hand, I do not see how to remove the functionality that enables this site without making a lot of API tools really u seless (see my last post, or Peter Powers' post above). So, better this way than the other. |
malaire
43
|
Posted - 2011.09.21 08:05:00 -
[138] - Quote
Simetraz wrote:By the way I find it interesting that it is illegal to list NPC corp members but not player corps. Why would it be illegal? I believe both are allowed. Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
C4LYP50
Solarwind Interstellar Mining and Production Ltd
0
|
Posted - 2011.09.21 08:51:00 -
[139] - Quote
Othran wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API information and will continue to do so. Ummm no. As I said earlier I have a character who has never done anything. No information was "posted publically" at all. The fact that the API calls confirm or refute the existence of a character based on a random charID suggests you're running damage control here Spitfire. I would strongly suggest you don't. Any system which confirms or refutes the existence of a user (or character) based on the user (char) ID and no key/pw is broken. Simple as.
This guy is exactly right. Alts who've never undocked, or had any impact (no buying/selling, speaking in local, etc.) on the game at all, are being shown here. This, to me, represents a prime example of API info gone way wrong. When all other options have been argued and refuted, this fact remains: You (CCP) changed the way the API works, and what can be gleaned from the data dumps. Now someone has datamined through your security hole, and I'm not appreciating your feeble attempt at damage control. As for the often used "its all information that you can glean ingame, publically available", I call BS. If this were true, it would have been done by someone long before now.
Just once, I'd like to have confidence in CCP to actually test stuff before it's pushed out live. Honestly............when are you people going to LEARN? |
Miilla
Hulkageddon Orphanage
57
|
Posted - 2011.09.21 10:27:00 -
[140] - Quote
THE END IS NIGH!!
NIGH!
|
|
Karbowiak
Sniggerdly Pandemic Legion
19
|
Posted - 2011.09.21 10:27:00 -
[141] - Quote
Kronus Heilgar wrote:Bahaha I love how this website gets the rage thread, but I didn't get any when I released my earlier version of the same thing a couple months ago ( EVE Central Intelligence) I know he's not scraping the API with random guesses so you can all stop bitching about that (you'd be amazed how fast the CCP API folks can go get that banhammer). He's in bed with EVSCO / eve-kill, so he gets every character name from every kill that goes through there, and probably also uses the API keys eve-kill users have given to get names from wallet transactions. In addition, the new RSS feed for the forums makes it easy to scrape those too. So it's not against CCP regulations. But it's definitely an abuse of the API keys people have trusted to EVSCO / eve-kill. After building an initial database it's quite the chain effect, you can see every corp the characters have been in, then see the CEO's of each of those corps, then see the corps that those CEO's have been in, and so on. All chat logs are automatically saved, so he can process those (just stay logged in while sitting in Jita and the noob systems). So grow up. It's not going to change now. Best thing you can do is go change all your API keys.
Thing is tho, no information besides the pilot list that you also got, are being shared. Only one using the API keys given to EVE-KILL is EVE-KILL and its hosted killboards.
The only thing we share with EVEWho and EVEChatter are the API proxy, since we both benefit from having an api proxy that's "warm". EVE-KILL benefits from it when its showing stats on corps/alliances, and EVEWho can ask the API 500 times a second for the same thing, with only one hit to the CCP API (not that he does, but he could in theory)
The only way we are "in bed" is that Squizz is the guy who helped create the new source for EVE-KILL, and also created our new API mod, and a whole slew of other things. But at no point in time, did he missuse his powers to give information from EVE-KILL to EVEWho.
All of this said, none of you will believe me, so i don't know why i even bother.. lol |
Miilla
Hulkageddon Orphanage
57
|
Posted - 2011.09.21 10:29:00 -
[142] - Quote
I suggest EVERYBODY makes at least 1 call that generates an error using EVSCO API proxy cache :)
|
St Mike
LoneStar Industries Comatose Alliance
0
|
Posted - 2011.09.21 10:30:00 -
[143] - Quote
You might even be providing your own Char ID with the request
1. You enter the name in that site 2. it cross checks the name with something like http://eveolution.de/portrait.php?user=miilla 3. the jpegs have your charID in the name ... 4 ... 5. Rage at CCP
|
Karbowiak
Sniggerdly Pandemic Legion
19
|
Posted - 2011.09.21 10:30:00 -
[144] - Quote
Miilla wrote:I suggest EVERYBODY makes at least 1 call that generates an error using EVSCO API proxy cache :)
Im afraid your plead has not been heard by anyone but your multiple personalities.. |
Karbowiak
Sniggerdly Pandemic Legion
19
|
Posted - 2011.09.21 10:34:00 -
[145] - Quote
St Mike wrote:You might even be providing your own Char ID with the request 1. You enter the name in that site 2. it cross checks the name with something like http://eveolution.de/portrait.php?user=miilla3. the jpegs have your charID in the name ... 4 ... 5. Rage at CCP
Also, ingame, all portraits are loaded from http://image.eveonline.com/Character/externalid_size.jpg So your CharacterID is also ingame |
Miilla
Hulkageddon Orphanage
57
|
Posted - 2011.09.21 10:41:00 -
[146] - Quote
All this MAYBE ingame, so what, if they want it IN GAME, they can LOG IN to the game and PLAY THE GAME.
Not automate it, that is something we are always told, CCP want people to LOG INTO the game to PLAY THE GAME to get info etc.
|
Karbowiak
Sniggerdly Pandemic Legion
19
|
Posted - 2011.09.21 10:45:00 -
[147] - Quote
Miilla wrote:All this MAYBE ingame, so what, if they want it IN GAME, they can LOG IN to the game and PLAY THE GAME.
Not automate it, that is something we are always told, CCP want people to LOG INTO the game to PLAY THE GAME to get info etc.
Thing is my dear friend, the image server is made so that this forum can show images from ingame in an easy way, and evegate, and eveonline.com, and all 3rd party sites aswell. Its used in EVE aswell, cause the client shouldn't render the images like it used to do, took too much time.
But isn't it awesome spouting nonsense without having the faintest clue how it works, or why its done this way ? i wish i could do that |
Jackk Hammer
Caldari Provisions Caldari State
1
|
Posted - 2011.09.21 10:45:00 -
[148] - Quote
This is the reason I never give my api key to anyone except trusted sites like Chribba's eveboard or pandemic-legion.com |
Miilla
Hulkageddon Orphanage
58
|
Posted - 2011.09.21 10:48:00 -
[149] - Quote
DoooooooooooooooooommmmM!!! |
Karbowiak
Sniggerdly Pandemic Legion
19
|
Posted - 2011.09.21 10:48:00 -
[150] - Quote
And with that last remark, i think we can call this rage thread for over.
Toodles o/ |
|
St Mike
LoneStar Industries Comatose Alliance
0
|
Posted - 2011.09.21 10:49:00 -
[151] - Quote
I am not worried about ingame gathering of charID While that may be automated as well, its these out-of-game loopholes from the combination of services offered by CCP that is disturbing.
I don't really care atm, as I am still suffering from Incarna f***-up and are more active in another well-known small-gang instant-action tank-driving online game. Not the depth of eve, but you can't have it all...
|
Miilla
Hulkageddon Orphanage
58
|
Posted - 2011.09.21 10:50:00 -
[152] - Quote
Karbowiak wrote:And with that last remark, i think we can call this rage thread for over.
Toodles o/
LOL no you are not getting away that easy.
|
Peter Powers
FinFleet Raiden.
17
|
Posted - 2011.09.21 10:56:00 -
[153] - Quote
Kronus Heilgar wrote: I know he's not scraping the API with random guesses so you can all stop bitching about that (you'd be amazed how fast the CCP API folks can go get that banhammer). He's in bed with EVSCO / eve-kill, so he gets every character name from every kill that goes through there, and probably also uses the API keys eve-kill users have given to get names from wallet transactions. In addition, the new RSS feed for the forums makes it easy to scrape those too.
So it's not against CCP regulations. But it's definitely an abuse of the API keys people have trusted to EVSCO / eve-kill.
After building an initial database it's quite the chain effect, you can see every corp the characters have been in, then see the CEO's of each of those corps, then see the corps that those CEO's have been in, and so on. All chat logs are automatically saved, so he can process those (just stay logged in while sitting in Jita and the noob systems).
So grow up. It's not going to change now. Best thing you can do is go change all your API keys.
Lol, Kronus, fail.
A bit of information on Kronus: Kronus started an website called something like eve intelligence service, people had (or have?) to pay isk to look at the results, which are basically the same information that evewho offers. One day Kronus joined an irc channel where the eve-kill guys and a few others of us (guests) hang out and started bugging about getting various access to information on eve-kill (he asked for api, he asked for a dump of the complete data and a few other things aswell) - and he got the reaction he deserved: he got a clear no, and when he was going on about it, he got trolled by several of us, be it about the information (hey kronus, i got the information, 80bn ill sell 'em to you), or be it after some basic checks about the quality of his software (rofl), or about how his unability to determine what is valueable intel and what not.
Meanwhile, Squizz_C who got bored with Kronus and didn't want to pay for such simple information as Kronus provided build his own solution (evewho) and decided rather than asking everyone to pay made it free for everyone.
For the information Squizz_C currently provides he doesn't need API access a fact that Kronus should know for sure.
I think this background should provide anyone with enough information on how much worth there is in Kronus allegations.
|
HyperBeanie
Phantom Squad Atlas.
2
|
Posted - 2011.09.21 11:07:00 -
[154] - Quote
Kronus Heilgar wrote:... [wall of text]... and probably also uses the API keys eve-kill users have given to get names from wallet transactions. In addition, the new RSS feed for the forums makes it easy to scrape those too.
So it's not against CCP regulations. But it's definitely an abuse of the API keys people have trusted to EVSCO / eve-kill. ... Just to put a final nail in the coffin. We don't even have access to the wallet of users! Simple as that, people only give us access to killlist with the new API system.
So there's no reason to be afraid of EVSCO having your api keys.
There, done, stop being stupid paranoid girls. |
Miilla
Hulkageddon Orphanage
58
|
Posted - 2011.09.21 11:10:00 -
[155] - Quote
BOYCOTT EVSCO!!!
Generate an ERROR protest :) |
Mara Tessidar
Bat Country Goonswarm Federation
20
|
Posted - 2011.09.21 11:14:00 -
[156] - Quote
IF YOU DON'T LIKE IT YOU CAN GIT OUT Honourable space pilot and anti-pirate. |
IamBeastx
Sniggerdly Pandemic Legion
0
|
Posted - 2011.09.21 11:20:00 -
[157] - Quote
So, any bets on how many people went to evewho and entered there 'super secret' alts name to check if its there and therefore gave evewho another name to check?? |
Alissa Solette
University of Caille Gallente Federation
3
|
Posted - 2011.09.21 12:21:00 -
[158] - Quote
Shionoya Risa wrote:Zagam wrote: Why is it so important that the info is hidden?
Apart from the massive intel boost it gives?
Which is available to anyone who can click a link or type an URL. Sure, that excludes at least half of the EVE population but in all honesty the intel would have been wasted on them either way. |
War Kitten
Panda McLegion
28
|
Posted - 2011.09.21 13:30:00 -
[159] - Quote
ITT: People with expectations of privacy on the interwebs.
/facepalm This is my signature.-á There are many others like it, but this one is mine. |
Louis deGuerre
Malevolence.
17
|
Posted - 2011.09.21 13:39:00 -
[160] - Quote
Great thread !
This info will be very usefull in my evil little highsec griefing war
Much thanks :) FIRE FRIENDSHIP TORPEDOES ! |
|
Khanh'rhh
Sudden Buggery Situation: Normal
10
|
Posted - 2011.09.21 13:45:00 -
[161] - Quote
ITT: Forum alts bitching and moaning about privacy.
I like the site, tbh CCP should just go ahead and list the characters within a corp under show info. - "Do not touch anything unnecessarily. Beware of pretty girls in dance halls and parks who may be spies, as well as bicycles, revolvers, uniforms, arms, dead horses, and men lying on roads -- they are not there accidentally." -Soviet infantry manual, issued in the 1930's |
Tippia
Sunshine and Lollipops
173
|
Posted - 2011.09.21 13:46:00 -
[162] - Quote
Jackk Hammer wrote:This is the reason I never give my api key to anyone except trusted sites like Chribba's eveboard or pandemic-legion.com GǪand guess what, those can be scraped, the names harvested, and then reversed into charIDs that can be called for more info. GÇöGÇöGÇö GÇ£If you're not willing to fight for what you have in GëívGëí you don't deserve it, and you will lose it.GÇ¥ GÇö Karath Piki-á |
Miilla
Hulkageddon Orphanage
59
|
Posted - 2011.09.21 13:51:00 -
[163] - Quote
CCP is the best scam ever.
|
Ya Huei
Imperial Collective
6
|
Posted - 2011.09.21 14:21:00 -
[164] - Quote
Prince Kobol wrote:Ya Huei wrote:By posting it on this forum you made more people aware of this site. very smart.
By making it a website it is public for EVERYONE on the internet luddite
I was just making the OP aware that him posting that site here was achieving the exact opposite of what he had intended, but I suppose the irony of that was lost to a simpleton like yourself.
|
Herbstleyd
Atrocity.
0
|
Posted - 2011.09.21 16:52:00 -
[165] - Quote
IamBeastx wrote:So, any bets on how many people went to evewho and entered there 'super secret' alts name to check if its there and therefore gave evewho another name to check?? Take the hint, people. Really, please do. Or don't. The latter would actually give us more people to spy on! |
Bai Guang
Federal Logistics Initiative Conglomerate H E L I C O N
0
|
Posted - 2011.09.23 06:41:00 -
[166] - Quote
C4LYP50 wrote:
This guy is exactly right. Alts who've never undocked, or had any impact (no buying/selling, speaking in local, etc.) on the game at all, are being shown here. This, to me, represents a prime example of API info gone way wrong. When all other options have been argued and refuted, this fact remains: You (CCP) changed the way the API works, and what can be gleaned from the data dumps. Now someone has datamined through your security hole, and I'm not appreciating your feeble attempt at damage control. As for the often used "its all information that you can glean ingame, publically available", I call BS. If this were true, it would have been done by someone long before now.
Just once, I'd like to have confidence in CCP to actually test stuff before it's pushed out live. Honestly............when are you people going to LEARN?
First I'd like to give props to Squizz for an awesome tool. Second, PeterPowers speaks the truth, and third this one goes to C4LYP50.... who said it wasnt done by some one a long time before now. This is just a public release of a capability that has been around a very long time.... |
PyroTech03
Legion of Darkwind Order of the Void
0
|
Posted - 2011.09.23 07:33:00 -
[167] - Quote
Thanks to the evewho.com guy....this will be helpful for war-dec's and recruiting (if people begin using the comment system on it)
Thank you OP for bringing it to my attention. If not for you, I would have never known about the site. |
Jowen Datloran
Science and Trade Institute Caldari State
34
|
Posted - 2011.09.23 12:26:00 -
[168] - Quote
All this meta gaming crap is getting tedious.
If information is supposed to be public it should be so using the game client and easy accessible to boot. One could, as example, let corporation information list all current members and this topic will be a non-issue. Mr. Science & Trade Institute, EVE Online Lorebook-á |
Amsterdam Conversations
Cheesecake Starshine
9
|
Posted - 2011.09.23 13:31:00 -
[169] - Quote
You do realize that all this info could never be scraped from a KB? I'm pretty sure 50% of the characters on there never existed on a KB in the first place.
The fact that Evewho was linked on eve-kill for a while makes it pretty obvious that karb handles API keys in a way he shouldn't.
Then again, it doesn't provide any new information. If anything, it reduces :effort:. |
Abdiel Kavash
Paladin Order Fidelas Constans
36
|
Posted - 2011.09.23 14:31:00 -
[170] - Quote
Jowen Datloran wrote:All this meta gaming crap is getting tedious.
If information is supposed to be public it should be so using the game client and easy accessible to boot. One could, as example, let corporation information list all current members and this topic will be a non-issue.
When you are fitting a new ship for the first time, do you run around, buy expensive faction mods, try different combintaions to see what fits and what doesn't, pick one, and sell off the remaining mods again? Or do you work it out using EFT and only buy the mods you need?
When you want to know how long will it take you to train for a marauder, do you look up all the neccessary books and their training modifiers, plug them into the SP formula, and divide by your training speed? Or do you make a plan in EVEmon and see it instantly?
When you need to move a carrier halfway across the universe, do you guesstimate the distances by eye and tell your cyno pilot to move to the system that appears to be closest to your destination? Or do you plan a route using dotlan?
If CCP started reinventing the wheel and adding all the tools the players already developed and perfected to the game (most likely in a half-arsed state), we would never see real content again. |
|
Karbowiak
Sniggerdly Pandemic Legion
19
|
Posted - 2011.09.23 18:29:00 -
[171] - Quote
Amsterdam Conversations wrote:You do realize that all this info could never be scraped from a KB? I'm pretty sure 50% of the characters on there never existed on a KB in the first place.
The fact that Evewho was linked on eve-kill for a while makes it pretty obvious that karb handles API keys in a way he shouldn't.
Then again, it doesn't provide any new information. If anything, it reduces :effort:.
What..
Well, lets say for a minute i am misusing the API keys, and i do access all the delicious goodies people have, what use would it have, when we use the new API system, and people only give us access to their killlog?
OH YEAH, i forgot, i can get all the corporations members, their standings, their pos locations, their wallet information etc. from the killlog.. or.. no, i can't..
Also, look here: http://eve-kill.net/?a=apikey it even says: You only need to click the 'killlog' and the 'no expiration' option when creating the key.
So yeah, EVE-KILL is using peoples API keys in ways we shouldn't.. ****** |
Hattori Hanzo
Center for Advanced Studies Gallente Federation
0
|
Posted - 2011.10.03 08:18:00 -
[172] - Quote
You're so full of **** Karb. I've seen how you treat people/EVSCO users for the past 2 years and at some point I thought it was enough.
And now you're such a hypocrite advocating the new customizable API keys are so safe. What about all those old FULL API keys that were valid for the past 2-5 years? And some of them still are. If you treated moral concerns only half as bad as you treated people on IRC - then those keys have been long shared between your `cool kids` gang - you, beanie (EVSCO), Peter Powers (king-board), squizz (eve-who) - and prolly the list goes on. You lot all hang out on coldfront IRC and as far as I saw you're thick as thieves.
Now if what I'm saying is valid - then with the new CAKs in place, eve-who should see a serious decrease in intel quality in the next months/years as new API keys don't provide full character/corp API info anymore to EVSCO, which in turn cannot feed these `cool toys` anymore. But enough bad has been done, as squizz already got a large portion of the current Eve population mapped out.
Eve-who `harvesting the official CCP API` story as you tried to sell it? Maybe, but I seriously doubt it. You're not gonna endanger your official API feed with guessing and invalid requests - ergo getting ban-hammered by CCP. Abusing the EVSCO old FULL API keys and lying people to their faces is much easier and has no consequences - as no-one has access to your servers and no-one can held you accountable for your actions.
Too bad there isn't a serious EVSCO alternative (BC sucks balls). You lot did exactly what everyone does after being trusted with a lot of information (ie. power). Abuse it. Hei Karb does anyone takes serious your teen ADD rabble anymore (here or on IRC)? Iirc you're still a teen living with your parents amirite? Attention-wh0ring much on how awesome you are anymore?
-- Solution? Delete/update asap your old API keys (especially if you ever used them with EVSCO) and stop using EVE-KILL. Well it's kinda ironic now - damage's already been done and a lot of stuff has been mapped out for eve-who and new CAKs don't give anywhere near so much intel as old FULL API keys did.
But what matters in the end.. squizz you're so much cooler than Kronus Heilgar and his ECI! Excuse me while I go puke. You know you're griefing a lot of small-scale corps (ie. the littly guy) for wanting to be `way cooler` rite? Enjoy it while it lasts, you sad panda. |
Karim alRashid
Aliastra Gallente Federation
10
|
Posted - 2011.10.03 09:54:00 -
[173] - Quote
Ok, so if you've given your full API key, it's all your own fault, don't whine.
The insert-adjective-related-to-defecation part, is getting access to all the characters on your account from the old LIMITED API key. So, once you've given it to a killboard or alliance forums or a third party application, which accidentally shares them with freinds, you alts are revealed, if they happen to be in corps, you alt corps are revealed, getting more character names, potentially getting more limited API keys, etc.
The same applies to the new customizable API keys, which are created for "All" characters on an account - the request to https://api.eveonline.com/account/Characters.xml.aspx returns all character ids.
So, if this is an issue for you.
1. Biomass your alts. 2. Delete all your legacy API keys. 3. Create a new customizable API key and in the field "Character" select only one of the characters, instead of "All" 4. Check whatever else you want to make public, e.g., "KillLog". 5. Do not ever give out to anyone an API key, which is created for "All". 6. Create new alts. |
Gregor Palter
82
|
Posted - 2011.10.03 10:18:00 -
[174] - Quote
Karbowiak wrote:Amsterdam Conversations wrote:You do realize that all this info could never be scraped from a KB? I'm pretty sure 50% of the characters on there never existed on a KB in the first place.
The fact that Evewho was linked on eve-kill for a while makes it pretty obvious that karb handles API keys in a way he shouldn't.
Then again, it doesn't provide any new information. If anything, it reduces :effort:. What.. Well, lets say for a minute i am misusing the API keys, and i do access all the delicious goodies people have, what use would it have, when we use the new API system, and people only give us access to their killlog? OH YEAH, i forgot, i can get all the corporations members, their standings, their pos locations, their wallet information etc. from the killlog.. or.. no, i can't.. Also, look here: http://eve-kill.net/?a=apikeyit even says: You only need to click the 'killlog' and the 'no expiration' option when creating the key. So yeah, EVE-KILL is using peoples API keys in ways we shouldn't.. ******
Yes lets completely not mention the old API keys that have been used since forever, because that might cause some embarrassment.
Excuses are the refuge of the weak. |
Spurty
V0LTA VOLTA Corp
25
|
Posted - 2011.10.03 11:16:00 -
[175] - Quote
If I was asked to populate a Corp Membership list, this is what unwound do:
http://wiki.eveonline.com/en/wiki/EVE_API_Corporation_Member_Tracking
Requires only one member to yield their full API key
Now explain how this info can be used against you again?
Like character profiles, when you're fighting, seems like it would offer an advantage, but same question. How exactly?
Information that needs to be kept secret is your current ships fit. There is no API to pull that.
You are sort of over thinking the usefulness of this information.
For corps ---- CONCORD arrested two n00bs yesterday, one was drinking battery acid, the other was eating fireworks. They charged one and let the other one off. |
Jaroslav Unwanted
Brutor Tribe Minmatar Republic
10
|
Posted - 2011.10.03 13:59:00 -
[176] - Quote
Maybe stupid question ?
Does the site specify that certain amount of toons are from one real person ?
Does the site shows exact time you log in/out as well as the place you live ?
If not, i cant see why so many people are so freaked out about "theirs" imaginary in-game privacy.
Or is your new created corporation actually mover and shaker of the EVE world that everyone will just know it name and look for it in some 3rd party tool/ website etc. ?
You are probably the first and probably the last person who will ever look it up .. |
Karbowiak
Sniggerdly Pandemic Legion
20
|
Posted - 2011.10.06 14:31:00 -
[177] - Quote
Hattori Hanzo wrote:You're so full of **** Karb. I've seen how you treat people/EVSCO users for the past 2 years and at some point I thought it was enough.
And now you're such a hypocrite advocating the new customizable API keys are so safe. What about all those old FULL API keys that were valid for the past 2-5 years? And some of them still are. If you treated moral concerns only half as bad as you treated people on IRC - then those keys have been long shared between your `cool kids` gang - you, beanie (EVSCO), Peter Powers (king-board), squizz (eve-who) - and prolly the list goes on. You lot all hang out on coldfront IRC and as far as I saw you're thick as thieves.
Now if what I'm saying is valid - then with the new CAKs in place, eve-who should see a serious decrease in intel quality in the next months/years as new API keys don't provide full character/corp API info anymore to EVSCO, which in turn cannot feed these `cool toys` anymore. But enough bad has been done, as squizz already got a large portion of the current Eve population mapped out.
Eve-who `harvesting the official CCP API` story as you tried to sell it? Maybe, but I seriously doubt it. You're not gonna endanger your official API feed with guessing and invalid requests - ergo getting ban-hammered by CCP. Abusing the EVSCO old FULL API keys and lying people to their faces is much easier and has no consequences - as no-one has access to your servers and no-one can held you accountable for your actions.
Too bad there isn't a serious EVSCO alternative (BC sucks balls). You lot did exactly what everyone does after being trusted with a lot of information (ie. power). Abuse it. Hei Karb does anyone takes serious your teen ADD rabble anymore (here or on IRC)? Iirc you're still a teen living with your parents amirite? Attention-wh0ring much on how awesome you are anymore?
-- Solution? Delete/update asap your old API keys (especially if you ever used them with EVSCO) and stop using EVE-KILL. Well it's kinda ironic now - damage's already been done and a lot of stuff has been mapped out for eve-who and new CAKs don't give anywhere near so much intel as old FULL API keys did.
But what matters in the end.. squizz you're so much cooler than Kronus Heilgar and his ECI! Excuse me while I go puke. You know you're griefing a lot of small-scale corps (ie. the little guy) for wanting to be `way cooler` rite? Enjoy it while it lasts, you sad panda.
hahahahahahaha Holy **** a wall of whine. :D
Anyway lemme answer your whine (which i did once already on IRC, but, yeah.. you're the gift that keeps whining). 1. the new API keys only give us access to what you tell us we can access, if you tick off killlog and only that, then thats what we can access, if you tick off everything, then thank you, we can now access everything.
2. the old apikeys have worked for a long time, that is true, but when we switched to the new keys, they were all deleted.
3. the api keys in the database hasn't been shared. All the information Squizz got with EVEWho was collected on his own accord. Same way the ECI dude did it.
But yeah, keep whining. Not like we are going anywhere because if you, infact. The whine just makes this so much more pleasent!
Anyway, keep on trollin' |
Miilla
Hulkageddon Orphanage
75
|
Posted - 2011.10.06 14:33:00 -
[178] - Quote
EVERYBODY generate an ERROR API call on their proxy :) |
Karbowiak
Sniggerdly Pandemic Legion
20
|
Posted - 2011.10.06 14:38:00 -
[179] - Quote
Miilla wrote:EVERYBODY generate an ERROR API call on their proxy :)
Have at it, its down like everything else while i move the database stuff around, lol.. |
Prince Kobol
51
|
Posted - 2011.10.06 15:02:00 -
[180] - Quote
To who ever created this site all I have to say GREAT JOB
I would just ignore all the whiners, in fact I wouldn't even waste your time responding to them
Haters will always hate |
|
Candente
The Kairos Syndicate Transmission Lost
0
|
Posted - 2011.10.06 17:11:00 -
[181] - Quote
Of course only CCP has the power to change uses of API. So I'm guessing either CCP is going to add the full list of members when doing show info on a corporation, or magically erase all traces of the data publically available on evewho. I'm pretty sure the former is easier to achieve. |
Karbowiak
Sniggerdly Pandemic Legion
20
|
Posted - 2011.10.06 19:41:00 -
[182] - Quote
Candente wrote:Of course only CCP has the power to change uses of API. So I'm guessing either CCP is going to add the full list of members when doing show info on a corporation, or magically erase all traces of the data publically available on evewho. I'm pretty sure the former is easier to achieve.
You want CCP to erase private data from a 3rd party's server? |
ACY GTMI
Veerhouven Group The Veerhouven Group
1
|
Posted - 2011.10.06 20:24:00 -
[183] - Quote
Been smoking that Peruvian batsht again?
Pilots = Coming soon.
They have no idea. |
Squizz Caphinator
Woopatang
13
|
Posted - 2011.10.06 20:52:00 -
[184] - Quote
ACY GTMI wrote:Been smoking that Peruvian batsht again?
Pilots = Coming soon.
They have no idea.
Uh, just what do you expect to see there? http://evewho.com - Alliance and Corporation Member Listings http://evechatter.com - Free Alliance and Corporation forums for all. |
Baron Holbach
Ammo and Tag Ninja Unicorns with Huge Horns
1
|
Posted - 2011.10.20 10:48:00 -
[185] - Quote
would be quite awesome if you would add some kind of history tool like show members movment by corp or for example who is left/join in last 6 months and who was members of this corp 1 year agou! etc.... |
Skippermonkey
Tactical Knightmare
124
|
Posted - 2011.10.20 11:12:00 -
[186] - Quote
Wow.. a whole lot of rage over nothing |
Mithfindel
Zenko Incorporated
4
|
Posted - 2011.10.20 11:41:00 -
[187] - Quote
As a note, retreiving character names could technically be done by brute-forcing all valid characters on the Search Character field. For example, let us assume I have never logged on on Mithfindel after creating the character: Anyone searching characters beginning with "MIT" would likely pop out this one, too. Naturally this process does likely take too much time unless it is automated, but even without the api, no character is safe from "being seen", even in theory, as long as the character is not biomassed. (Biomassed characters still exist in some form, though, but don't appear in the lists of "alive" characters.) |
Szindor
Amarr Empire
26
|
Posted - 2011.10.20 12:00:00 -
[188] - Quote
Skippermonkey wrote:Wow.. a whole lot of rage over nothing
website doesnt load... whaaat? My thoughts exactly. |
Momoro
0
|
Posted - 2011.10.25 23:36:00 -
[189] - Quote
Converting a character name to a characterID is pretty easy. For example, you could just add them as a contact: http://wiki.eveonline.com/en/wiki/EVE_API_Character_Contact_List |
Hans Jagerblitzen
Autocannons Anonymous
347
|
Posted - 2011.10.25 23:45:00 -
[190] - Quote
Nikkov wrote: How can the information be public, ie: Killboards, when alts are being shown that have never undicked from station?
It is public because if you are online, your name shows up in local. You can see the corp name by checking info, whether you are docked or not.
It is no different than someone flying around, writing down every name and corp member in a notebook, cross referencing, and sharing the info publically.
There is no way to mask what corp your toon belongs to, as long as you've logged on once you've given away to the game universe what corp you belong to. As long as all your corp members have logged on once, they too are all known members of your corp.
Nothing to be alarmed about really, its all public.
|
|
Niffo
Defenders of Order
4
|
Posted - 2011.10.26 00:45:00 -
[191] - Quote
Great site - thanks for sharing. |
Narthex T'Gollero
Hard Rock Mining Co. Territorial Claim Unit
0
|
Posted - 2011.10.27 18:57:00 -
[192] - Quote
EVE who is amazing.
Find out who is in a corp. And etc.
I love it.
Narthex T'Gollero Director Diplomatic Corps TCU http://wiki.eveonline.com/en/wiki/Hard_Rock_Mining_Co. http://evemaps.dotlan.net/alliance/Territorial_Claim_Unit |
Mag's
the united Negative Ten.
1034
|
Posted - 2011.10.27 19:52:00 -
[193] - Quote
Skippermonkey wrote:Wow.. a whole lot of rage over nothing
website doesnt load... whaaat? This.
Really, why the big fuss?
CCP Zulu..... Forcing players to dock at the captain's quarters is a form of what we actually wanted to get through, which is making Incarna a seamless part of the EVE Online experience. |
Squizz Caphinator
Woopatang
15
|
Posted - 2011.10.28 15:23:00 -
[194] - Quote
Baron Holbach wrote:would be quite awesome if you would add some kind of history tool like show members movment by corp or for example who is left/join in last 6 months and who was members of this corp 1 year agou! etc....
This is something I'll be implementing in the next week or two. That and integration with EveKill. http://evewho.com - Alliance and Corporation Member Listings http://evechatter.com - Free Alliance and Corporation forums for all. |
Nova Fox
Novafox Shipyards
159
|
Posted - 2011.10.28 15:52:00 -
[195] - Quote
Why is it these killboards have more posted kills than I actually partipicated in? |
Amro One
One.
8
|
Posted - 2011.10.28 16:22:00 -
[196] - Quote
I love EVE WHO.
I can finally War Dec corps and have a full list of members for locator agents. This should be game mechanic in-game anyways.
BARBIE WANTS TO WEAR SOCKS |
|
|
|
Pages: 1 2 3 4 5 6 7 :: [one page] |