Pages: 1 2 [3] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Lost Greybeard
Drunken Yordles
624
|
Posted - 2015.05.18 03:05:29 -
[61] - Quote
Avaelica Kuershin wrote:(My mail would show up some red flags... I'm probably 'unemployable' by now )
Probably going to eventually make some poor corp security guy's life difficult by pointing this out in a thread that new people might look to in the future... but you realize that any email you trash and then delete doesn't show up with API access either, right?
You can literally correspond with your out-of-corp conspirator via in-game mail about how you're snickering evilly at the fools that believe your story, then delete it, and as long as the guy with the key doesn't access it before you hit delete he'll never know.
And if you just clear all your mail on a regular basis you wouldn't be unusual, a recruiter calling that a red flag wouldn't be able to recruit ANYONE.
(Ain't no free lunches in Eve, is what I'm getting at, including when you're trying to hunt spies.) |
Amanda Chan
Error 404 Pod Not Found
4
|
Posted - 2015.05.18 06:03:09 -
[62] - Quote
BeBopAReBop RhubarbPie wrote: Isk transactions are use to spot alts. Any new player dealing with large sums of isk is suspect, but even more so if that isk was a direct donation. The same is true of expensive assets. If I have a one to three month old character applying to a corp who has a large stockpile of t2, pirate faction or cruiser+ sized vessels, thats a red flag. If the said character has very few ships but those include catalysts, thoraxes, or gnosis, that's a huge red flag.
Further more, for corps that recruit more experienced players, they may just want to check that the player isn't lying on the application. I honestly don't remember the last time someone asked me for a full api, and I'm at a point in my career where I'm hesitant to give it out, but that doesn't mean I would ever expect a corp to recruit me without it.
I could see some worry about this for capital pilots joining smaller corps, or for incursion/level 4 mission runners with blinged ships, but honestly no one cares that you have a raven in Osmon.
Kirk Ernaga wrote: Except wallet transactions is the number one thing to check for awoxers. I know of lots of awoxers that would've been recruited except they had suspicious wallet transfers from alts in large alliances.
A large wallet donation could be just that a large wallet donation. I guess i'm just crazy but whenever I sucker a friend to join EVE I usually toss oodles of isk so they don't have to worry about money for a long time.
I'm just a cynical person who don't like people poking their nose in business that isn't theirs, but I can conceed that assets can help detect a POSSIBLE awoxer. Although it would be subjective and easily spun in an interview.
|
Eve Solecist
Shitt Outta Luck - GANKING4GOOD
3046
|
Posted - 2015.05.18 06:10:18 -
[63] - Quote
Lost Greybeard wrote:Avaelica Kuershin wrote:(My mail would show up some red flags... I'm probably 'unemployable' by now ) Probably going to eventually make some poor corp security guy's life difficult by pointing this out in a thread that new people might look to in the future... but you realize that any email you trash and then delete doesn't show up with API access either, right? You can literally correspond with your out-of-corp conspirator via in-game mail about how you're snickering evilly at the fools that believe your story, then delete it, and as long as the guy with the key doesn't access it before you hit delete he'll never know. And if you just clear all your mail on a regular basis you wouldn't be unusual, a recruiter calling that a red flag wouldn't be able to recruit ANYONE. (Ain't no free lunches in Eve, is what I'm getting at, including when you're trying to hunt spies.) People say deleted mails can still be pulled via API ...
Abolish Rookiecorps
ISD Ezwal > And then Ezwal comes along and takes all that space(s) away.
Him after realising rigs don't need any skills: Chris Lazeare > That changes everything
|
Nat Silverguard
Aideron Robotics
139
|
Posted - 2015.05.18 07:04:43 -
[64] - Quote
If you badly want to join a certain corporation, imho, it is safe to assume that you somehow trust and like them to some degree, to that point i think there's no issue in giving them your non-expiring full API keys.
If after some time you found out that you made a mistake and don't like them, you could always delete that API key and leave.
Just to share, my current corp is in FW Gal Militia, but before that they were an industrial corp., this old blog can give you an idea what our CEO and my caring Directors, of course, does with our APIs. They made alot of cool and neat apps/tools ranging from production monitoring (before) to automated comms access, combat proficiency monitoring, skill auditing for corp doctrine (now) to help us in our EvE pewpew life.
Again, you might ask, "but my mail is not relevant to the apps he made!". To that i would say, to be in this corp, it's worth the compromise.
Just Add Water
|
Sabriz Adoudel
Glorious Revolutionary Armed Forces of Highsec CODE.
5109
|
Posted - 2015.05.18 07:38:15 -
[65] - Quote
Avaelica Kuershin wrote:BeBopAReBop RhubarbPie wrote: Isk transactions are use to spot alts. Any new player dealing with large sums of isk is suspect, but even more so if that isk was a direct donation. The same is true of expensive assets. If I have a one to three month old character applying to a corp who has a large stockpile of t2, pirate faction or cruiser+ sized vessels, thats a red flag. If the said character has very few ships but those include catalysts, thoraxes, or gnosis, that's a huge red flag.
I could see some worry about this for capital pilots joining smaller corps, or for incursion/level 4 mission runners with blinged ships, but honestly no one cares that you have a raven in Osmon.
Anomalies in ISK transaction, skill training, assets, implants, jump clones... in a 'new' character would certainly be red flags even without access to mail. In an experienced character, I can see location of jump clones and combat logs being of interest. Really, it all depends on what you are looking for when an api is requested. Trouble is, knowing what are red flags can mean a spy knows what to avoid, and how to how to look innocent. (My mail would show up some red flags... I'm probably 'unemployable' by now )
First thing to check is the order skills were trained early in the character's life and check it matches the player's story.
If someone claims to be new to EVE, the #1 red flag is them having trained dangerous skills early on (e.g. being able to fit a Covert Cyno), or skills that do not sound interesting to rookies and aren't useful at low skills. The #2 red flag is not having done several of the original tutorial missions. And the #3 red flag is them following an extremely disciplined skill training plan from being new without any of the SP wasting you expect on a new player.
Next thing to check is asset transfers and how they got their first 200 million ISK, and how they make ISK now. Do they redeem and sell PLEX? If so, they are likely to have more of a 'YOLO' attitude to assets in-game and so should not be put in positions where their errors will cost billions. Are they a shrewd trader? If so, they probably value ISK highly and see loyalty as a currency - these people will be loyal then sell you out if the price is right. Are they a 'hard worker' (made their ISK as a miner, etc)? These people can be taken advantage of. Were they 'lucky' and got a few monster exploration pulls and made their first billion through selling deadspace modules they got from complexes? This is a red flag. This person has very carefully washed assets from an alt.
A limited API showing everything on the account except the contents of mail and that expires after 7 days is fine for security checks. I wouldn't ask for mail contents. EVEmails sometimes include personal details so if you send the API key to another person you *might* be an unintentional party in doxxing someone, and if someone is incompetent enough to have something incriminating in their EVEmails, they'll be incompetent enough to fail another test.
As someone that both does recruiting AND has done a small amount of joining corps as a 'disloyal member' (as a 'smash and grab' AWOXer, as a spy in wardecs and in attempted corp thefts), I can say that any corp that does not take operational security measures appropriate to the amount of assets the corp has and the corporation's profile is going to be a liability to its loyal members.
Shoot everyone. Let the Saviour sort it out.
I enforce the New Haliama Code of Conduct via wardec ops. Ignorance of the law is no excuse - read about requirements for highsec miners at www.minerbumping.com
|
Jack Morrison
Manson Family Advent of Fate
224
|
Posted - 2015.05.18 08:33:21 -
[66] - Quote
Sabriz Adoudel wrote:Avaelica Kuershin wrote:BeBopAReBop RhubarbPie wrote: Isk transactions are use to spot alts. Any new player dealing with large sums of isk is suspect, but even more so if that isk was a direct donation. The same is true of expensive assets. If I have a one to three month old character applying to a corp who has a large stockpile of t2, pirate faction or cruiser+ sized vessels, thats a red flag. If the said character has very few ships but those include catalysts, thoraxes, or gnosis, that's a huge red flag.
I could see some worry about this for capital pilots joining smaller corps, or for incursion/level 4 mission runners with blinged ships, but honestly no one cares that you have a raven in Osmon.
Anomalies in ISK transaction, skill training, assets, implants, jump clones... in a 'new' character would certainly be red flags even without access to mail. In an experienced character, I can see location of jump clones and combat logs being of interest. Really, it all depends on what you are looking for when an api is requested. Trouble is, knowing what are red flags can mean a spy knows what to avoid, and how to how to look innocent. (My mail would show up some red flags... I'm probably 'unemployable' by now ) (deleted - doesn't feel right to quote so many lines) As someone that both does recruiting AND has done a small amount of joining corps as a 'disloyal member' (as a 'smash and grab' AWOXer, as a spy in wardecs and in attempted corp thefts), I can say that any corp that does not take operational security measures appropriate to the amount of assets the corp has and the corporation's profile is going to be a liability to its loyal members.
Well done
Looking for a group to pew with ? Have a chat with me.
|
ergherhdfgh
Imperial Academy Amarr Empire
555
|
Posted - 2015.05.18 10:27:22 -
[67] - Quote
13kr1d1 wrote:
Like others have said, a good spy/corp theft alt will be a paid single account cultivated to get into places and get trust.
This does not change the fact that properly using API checks will keep out at least 90% of those types. Yes it will not stop a good one but there are few people willing to invest 6 months of paid sub into one account only to use it for something shady once and have that toon then be useless.
13kr1d1 wrote: Anyone else can work their way up the ranks of trust, either on the ground floor of a ****** low quality corp that will get big later (not a spy/corp theft target), or as a grunt in an already big corp.
If you manage your corp well, you manage risk with losses by restricting access and having a graduating level of trust for people in positions. This common sense approach does not require API. If you lack common sense, API will not help your corp keep out theft.
Again limited API check combine with minimum SP requirement to assure it's not a free throw away alt will eliminate the vast majority of problem causers. API checks are not fool proof but they are very helpful. |
Eve Solecist
Shitt Outta Luck - GANKING4GOOD
3049
|
Posted - 2015.05.18 12:59:34 -
[68] - Quote
I keep hearing that there are so many of them ... ... but where is the evidence of that?
Where?
The illusionary threat for which people have to give up freedom ?
Abolish Rookiecorps
ISD Ezwal > And then Ezwal comes along and takes all that space(s) away.
Him after realising rigs don't need any skills: Chris Lazeare > That changes everything
|
Moe Molossus
Royal Amarr Institute Amarr Empire
0
|
Posted - 2015.05.18 13:26:22 -
[69] - Quote
Personally I'd say when it come to assets it would be no ones business what I have scattered around. And if a corp wanted my full api I would ask for theirs first. Trust goes both ways. When I tried to get into eve in the past I got burned so much by corps. eve tend to make people paranoid its the nature of the beast. What often is forgotten is that it is not just a corp that take a risk by letting a player join. That player also take on a risk by joining the corp. |
Milla Jjovovich
Native Freshfood Minmatar Republic
8
|
Posted - 2015.05.18 14:23:17 -
[70] - Quote
nothing to hide so im not really fussed, corp can check out my ship collection and how rich im not if they think it makes a difference, but yeah if they have some api tools for your character then even better |
|
ergherhdfgh
Imperial Academy Amarr Empire
556
|
Posted - 2015.05.18 21:39:50 -
[71] - Quote
Eve Solecist wrote:I keep hearing that there are so many of them ... ... but where is the evidence of that?
Where?
The illusionary threat for which people have to give up freedom ?
Simple fact is that if you are a high sec corp and you have open recruitment with no API checks and no SP requirement that you will be war deced for as long as you are taking in new members. Once you start doing API checks with an SP requirement you will watch your recruiting war decs go down to sometimes from always.
It's not an illusory threat it's just a fact of Eve. |
13kr1d1
Hedion University Amarr Empire
139
|
Posted - 2015.05.20 01:22:14 -
[72] - Quote
ergherhdfgh wrote:Eve Solecist wrote:I keep hearing that there are so many of them ... ... but where is the evidence of that?
Where?
The illusionary threat for which people have to give up freedom ?
Simple fact is that if you are a high sec corp and you have open recruitment with no API checks and no SP requirement that you will be war deced for as long as you are taking in new members. Once you start doing API checks with an SP requirement you will watch your recruiting war decs go down to sometimes from always. It's not an illusory threat it's just a fact of Eve.
Explain the logic behind wardecs coming from no API checks. I don't think this happens anywhere but in your precious nullsec carebear alliances.
At 5 drones of T2, the Tristan is nearly as powerful as the Algos, with a cheaper price tag, better maneuverability and speed, and smaller sig radius to avoid the lazy carebearish T3 station blapping -10s who have no life. Pick tristan for FW.
|
Lost Greybeard
Drunken Yordles
634
|
Posted - 2015.05.20 02:14:44 -
[73] - Quote
Eve Solecist wrote:People say deleted mails can still be pulled via API ...
Deleted in the sense of "in your trash bin", yes. Your eve-mail trash bin is as accessible as the rest of the mail.
Deleted in the sense of actually deleted, no. They'll have to pull them in the synch time of whatever they're using to access it, which is usually around 15 minutes. All that incriminating stuff from three months ago that you long since deleted? It's gone, unless you specifically saved it.
Essentially, your eve-mail is one of the things that no recruiter with half a brain actually cares about, so it's on the list of "if the corp wants this from you, you may be talking to a scammer instead of a recruiter" red flags.
The typical list for genuine recruiting offers is usually something like: Wallet transactions, Contact lists, Skills, market orders, kill/death reports. Much beyond that and you should start getting a bit narrow-eyed. And honestly if they want anything long-term (more than a month or two of trial period) other than K/D reports for killboard postings and maaaaaaybe contact lists, tell them to **** right off unless your'e willing to take the rather large risk that they're up to something sketchy with your data. |
Kirk Ernaga
Arbiters of the Void Advent of Fate
6
|
Posted - 2015.05.20 02:17:33 -
[74] - Quote
13kr1d1 wrote:ergherhdfgh wrote:Eve Solecist wrote:I keep hearing that there are so many of them ... ... but where is the evidence of that?
Where?
The illusionary threat for which people have to give up freedom ?
Simple fact is that if you are a high sec corp and you have open recruitment with no API checks and no SP requirement that you will be war deced for as long as you are taking in new members. Once you start doing API checks with an SP requirement you will watch your recruiting war decs go down to sometimes from always. It's not an illusory threat it's just a fact of Eve. Explain the logic behind wardecs coming from no API checks. I don't think this happens anywhere but in your precious nullsec carebear alliances.
Because if your not checking api's they can plant a spy in your corp with next to no effort. |
Derrick Diggler
Eternity INC. Goonswarm Federation
10
|
Posted - 2015.05.20 05:48:25 -
[75] - Quote
I don't think there is any need to freak out. If you do not want to give out your API, do not join corporations that require it and all is well. Same if you think that people should give you api number for entry into your corp and they do not want to do that, just do not recruit them.
Some people require it and some don't. Lucky this game caters for everyone. And in the end if you want to join a corp badly enough in the end you will not care. If you are joining a corp without really caring about it, then you do not have to give your API.
You can even consider it a first loyalty check if you like. |
Eve Solecist
Shitt Outta Luck - GANKING4GOOD
3079
|
Posted - 2015.05.20 13:15:14 -
[76] - Quote
Kirk Ernaga wrote:13kr1d1 wrote:ergherhdfgh wrote:Eve Solecist wrote:I keep hearing that there are so many of them ... ... but where is the evidence of that?
Where?
The illusionary threat for which people have to give up freedom ?
Simple fact is that if you are a high sec corp and you have open recruitment with no API checks and no SP requirement that you will be war deced for as long as you are taking in new members. Once you start doing API checks with an SP requirement you will watch your recruiting war decs go down to sometimes from always. It's not an illusory threat it's just a fact of Eve. Explain the logic behind wardecs coming from no API checks. I don't think this happens anywhere but in your precious nullsec carebear alliances. Because if your not checking api's they can plant a spy in your corp with next to no effort. It's still no effort even with API checks.
The idea that there are thousands of awoxxers and spies interested in ones silly corp is ... ... the equivalent of believing there are terrorists out there everywhere trying to kill you.
They're not. I left the building and I'm still alive.
this whole thing serves no other purpose than providing the illusion of security against an imaginary threat. People behave as if they all were targets.
Nonsense.
Freedom is Slavery
ISD Ezwal > And then Ezwal comes along and takes all that space(s) away.
<===== I wished my bra was green as well - 1024x1024
|
Donnachadh
United Allegiance of Undesirables
283
|
Posted - 2015.05.20 14:30:17 -
[77] - Quote
Kirk Ernaga wrote:[quote=13kr1d1]Because if your not checking api's they can plant a spy in your corp with next to no effort. Since this comment was attached to post about high sec corps one has to wonder what difference does it make? For the overwhelming majority of high sec corps what could they possibly have that a spy would be interested in, or even be able to make use of?
|
Vimsy Vortis
Shoulda Checked Local Break-A-Wish Foundation
2410
|
Posted - 2015.05.21 17:55:05 -
[78] - Quote
ergherhdfgh wrote:Eve Solecist wrote:I keep hearing that there are so many of them ... ... but where is the evidence of that?
Where?
The illusionary threat for which people have to give up freedom ?
Simple fact is that if you are a high sec corp and you have open recruitment with no API checks and no SP requirement that you will be war deced for as long as you are taking in new members. Once you start doing API checks with an SP requirement you will watch your recruiting war decs go down to sometimes from always. It's not an illusory threat it's just a fact of Eve. This is true but it's not because of the corp recruiting spies. When people like me declare wars on people "for targets" we sort through various statistics that are available in game and on third parties. One of the things that stands out a lot is corps with a rapid increase in size because it indicates a high level of player activity but bad organization.
Spying, while super fun, is actually very uncommon, very people in my alliance actually have spy alts and they wouldn't be found out by API checks either as they are specifically cultivated for spying and have less suspicious backgrounds than most legitimate corp applicants.
Notably I once had the CEO of the corp I had my alt in tell me that he had rejected several recent applications because they were obvious break-a-wish spy alts.
Ling story short 95% of wars don't involve a spy and in many cases an a API would not have caught them. However sensible recruiting practices and not growing you player base beyond your ability to organize will prevent wars for other reasons. |
Anne Dieu-le-veut
Natl Assn for the Advancement of Criminal People
181
|
Posted - 2015.05.21 18:43:08 -
[79] - Quote
My objection to APIs is no one needs to know who my alts are. |
Zoe Athame
KarmaFleet Goonswarm Federation
259
|
Posted - 2015.05.21 19:01:03 -
[80] - Quote
Nat Silverguard wrote:If you badly want to join a certain corporation, imho, it is safe to assume that you somehow trust and like them to some degree, to that point i think there's no issue in giving them your non-expiring full API keys.
I think this is the most important point in this thread.
Paranoid NPC corp player's opinions are all hypothetical since they don't want to join a corp anyway. |
|
|
|
|
Pages: 1 2 [3] :: one page |
First page | Previous page | Next page | Last page |