|
Author |
Thread Statistics | Show CCP posts - 1 post(s) |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.23 10:01:00 -
[1]
Sofar I've actually had no problems with how EBANK has tried to solve their problems.
But demanding API keys is too much.
And the stated reasons for why doesnt really hold water imo.
Someone using two (or more) different accounts won't be "cought out" with an API key check anyhow (different keys for each account).
I think this is a very ill-adviced idea and in the long run will actually hurt EBANK more than anything else that have been going on.
Please EBANK, do reconsider and try and come up with something else instead.
From an ease of coding perspective I think the suggestion made of simply logging a chat channel (and search for the names - this is easily automated) is the simplest solution that would satisfie just about everyone (EBANK and customers)
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.23 19:44:00 -
[2]
Originally by: LaVista Vista Has BMBE ever had problems with RMT? Maybe issue with depositors that has defaulted loans on alts, yet gains interest on the ISK in their account?
Tsk tsk Vista - BMBE is not a deposit bank. Surely you know this
Originally by: LaVista Vista
As for the "fact" that it will hurt EBANK
Sigh - Please don't put words in my mouth. I quite clearly wrote "I think" - Hence simply offering my opinion on the matter, and not in anyway dressing it as "fact". But I stand by that opinion - And I think the many replies to this thread on the API key issue goes some ways as to show I'm probably not completly wrong - Or at least alone in thinking so.
Originally by: LaVista Vista
The API is simply the easiest option.
Agreed. But "easiest option" doesn't make it the "most correct/proper option".
Originally by: LaVista Vista
There's very little information worth anything
Now *you* are trying to pass of something you *think* as "fact". As this thread abundantly shows, thats very much a subjective view.
Originally by: LaVista Vista
The suggestion of a channel is more labour intensive than taking an API key.
Labour intensive? You need to write some initial code (which really shouldnt take much time), and then it runs automated. No extra "labour" needed.
Originally by: LaVista Vista
And so is doing it manually through evemail
Agreed. Anything that can't be automated is not worth bothering with in the first place. (Although with the new mail system - part of "New Eden" (formerly COSMOS) it might actually be doable - But would probably be messy)
<continued> BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.23 19:50:00 -
[3]
Now I understand full well that
a: You wish to avoid defaulters to withdraw ISK they have on other EBANK accounts. b: You wish to avoid RMT'ers to withdraw ISK.
Those *are* your stated reasons for this (API key) meassure right? Else please correct me.
oh and
c: Trying to re-coup idle/dead ISK that will never be claimed - To get a much needed ISK infusion into EBANK.
I'm not sure "c" has openly been used as a justification for this (API key) meassure though. But more a "co-incidential side effect". I've read the whole thread, and that's at least the impression I'm left with - If I misremember this, feel free to correct me (with a reference)
-------
Now...
a: Fair enough (read on however) And *this* is the *only* reason for needing API key's.
b: Frankly, unless CCP has asked you to act on this, this is none of your (EBANK) business nor concern. RMT is to be handled by CCP and no one else. Period.
To me it looks like an "a" or "c" in disquise tbh.
c: If you had come right out and said that this is a major part of your reasoning for wanting the API keys (to check for "dead" accounts - banned accounts, or people having left the game) I would have liked that much more.
Or maybe you did. Kinda.
Originally by: LaVista Vista
Say that we have 100bill worth of ISK that was owned by people who's banned, who will never withdraw their ISK? We'd have to make 100bill EXTRA before people could get their ISK back. That takes time.
However : To verify if an account is "dead" (banned) or not, you *do not* need API keys.
-------
Let me return to "a"
Just how many outstanding loans do EBANK have?
Aka just how many persons can possible "cheat" EBANK by having multiple accounts - Some with positive balances, and some with loans.
Ie. have you actually tried to calculate how much you can possible gain back from defaulters (by seizing their positive accounts)
Tbh. I think the ISK amount will be pretty damn low. Which invalidates option "a" altogether, and hence the need for API key.
Let me reason why I *think* (not a "fact" tyvm) this:
Scenario A: From the get go I'm deliberatly trying to scam EBANK on a 50B ISK loan. Lets say I actually manage to get the ISK.
Would I dare *risk* having other accounts with a positive balance in EBANK? That would be utterly stupid. If I was going to scam 50B from EBANK I would make damn sure they didnt have any of *my* ISK at hand.
Scenario B: In good faith I take out a 50B loan with EBANK. I get the loan. My business venture fails - And I decide to tell EBANK they aren't getting a penny back.
In this case I *needed* the 50B ISK. It thus stands to reason I would not have billions of ISK sitting iddle in other EBANK accounts.
I honestly can't think of a scenario where someone defaulting/scamming on a loan with EBANK would have substantial amounts of ISK stashed away elsewhere in EBANK accounts.
Thus eliminating the "a" reason for wanting the API key completly.
Only "c" is left, and that doesnt require an API key.
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.23 20:12:00 -
[4]
Originally by: Dumb Jerk D. Discourage investors from reclaiming their ISK if they have other alts on the account they feel the need to keep secret.
Just becomes another dead account then - (Sorta) covered by "c" (And no I don't think EBANK is *that* deceiving about their reasons)
Originally by: Dumb Jerk
E. Find out who some of the alts are that've been giving them so much grief on the forums. (I'm sure you'd love to know some too. )
I personally prefer *not* to know actually. Might be someone (the person) I like, thus making it hard for me to keep disliking the character. Would spoil the fun Can't answer on EBANK's behalf ofc - But again, I doubt they're that deceiving about their reasons.
I happen to know most of the EBANK people - And they're good people. Doesnt mean I agree with them on everything - And in this particular case I think they've made an error in judgement about the API key issue - And is thus calling them out on it.
Originally by: Dumb Jerk
I think the more relevant critique of the API requirement is that any thief/scammer worth his salt keeps his scam characters on a different account.
I mentioned that in my very first post in this thread. Should probably have included it again. But it's so obvious so.. *shrug*
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.23 20:56:00 -
[5]
@SencneS
I understand the mechanism.
But I honestly hope you don't think that Mr. X and Ms. A would be on the same account. That would kinda defeat the purpose of the ISK transfer in the first place.
Aka. API key check won't catch this in any way what so ever - and thus is an invalid (excuse?) reason for demanding the API key.
------------
Originally by: Ji Sama I agree with TS, its just an excuse to take peoples ISK.
Ah - Let me just clarify what I'm saying (as the above "paraphrasing" isn't quite what I'm saying)
What I (among other things) are saying is that I *think* EBANK really want's to null *dead* accounts. I personally think this is perfectly fine and justifiable - if the accounts are *truly* dead ofc.
What I *am* opposing is the way they intend to check if an account is dead or not (requireing API key)
EBANK don't even claim that an API key is necessary for this part of the process - Simply that it's "easiest". This doesnt sit well with me.
I've always worked with : "Do what's right, not what is easiest"
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.23 21:07:00 -
[6]
Agreed and understandable SencneS.
But please see that those characters simply won't be on the same account.
Thus no need for API Key.
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.23 21:28:00 -
[7]
@cosmoray
"BMBE probably has shareholders that are no longer around" Most likely. Not much I can do about that though as it's impossible to get back the shares.
However, The BIG Deal has a similar problem. The way I deal with it there is that if a client repeatedly doesn't pick up their weekly BPC's, I mail them that I've suspended their "account" (and thus I don't pay out any more weekly BPC's)
Note that I *suspend*, not cancel, their account.
This means that they can come back later and "re-activate" their account, and they simply pick up where the left of (note : They don't get whatever prints they've missed out on in the mean time) The "record" for re-activating is close to a year (ie. the client had been gone for nearly a year).
Now, I consider this an extreme service that I offer, and I'm not suggesting that EBANK does the same with their ISK accounts.
But.. It's an option
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.23 21:41:00 -
[8]
Originally by: SencneS If an account is found to be Banned which API can reveal, and we find out that, account transfered ISK to another character, and that characters ISK was frozen, then guess what, We'll be reversing that transfer as well.
Just as CCP does Transfer withdrawals, any account that matches this will have the same thing. Lets say someone purchased 1B, deposited it, transfered it to an account which 2B in it. That character which is NOT banned will not get that 1B ISK, it will get removed because the banned account it came from is a 1B ISK liability to EBANK.
Uhm... An account can be temp banned... But nvm that for now.
I hope you are not saying that you are reversing transfers simply because the originator account got banned?
Unless EBANK has been deducted the amount deposited (thus indicating RMT or similar nefarious activity) by the originator acount EBANK has lost no ISK, and has no reason to reverse anything.
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.23 21:55:00 -
[9]
Originally by: SencneS I would settle for permanent archiving, written off on EBANK's liabilities, and if at a later date the account becomes active again, the account is restored.
This is exactly how I handle "The BIG Deal" accounts (as detailed above) So I would support this. But as I wrote, I consider this an extreme service.
So perhaps, "suspend" the account first (EVE mailing the account holder of the action) - No interest etc paid while suspended. If the account holder hasnt returned to have his account re-activated withing 6/9/12 months, then close it.
Originally by: SencneS
P.S. Emailing accounts is not an option, sure we could get a very very small handful of accounts that people gave their email address to. We could notify those that have their email address in EBANK, that'll only be a small sample of accounts though. Not enough people gave their email address, so it's not really a viable option.
EVE mail - Not RL mail. BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.24 15:35:00 -
[10]
It all boils down to this
- Retroactively demanding API keys, simply isn't acceptable.
Whatever the intentions, good or bad, whatever the justifications, whatever the percieved "overall benefit", the above statement is fact.
It's really that simple.
---
And Ray, I know damn well that you personally would never accept if anyone did this to you. You would tear them a new one post-haste. So don't be such a hypocrite please (I've just realised that this is actually what bugs me the most about all of this - Apart from the fact itself)
I still consider you a BIGun, but dang.. it's getting tenuous. Hypocrisy simply can't co-exist with that tag. (This particular remark might not mean anything to the masses, but I know Ray know what it means)
BIG Lottery |
|
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.24 16:38:00 -
[11]
Edited by: TornSoul on 24/11/2009 16:41:30
Originally by: Ray McCormack
Originally by: TornSoul - Retroactively demanding API keys, simply isn't acceptable.
Circumstances dictate otherwise TS.
I agree completly that circumstances dictate drastic measures - You'll get no beef from me on that part.
It still doesnt change that
- Retroactively demanding API keys, simply isn't acceptable.
My point being : To come out of this "cleanly", you need to offer people an alternative.
If you do so, I think many (not all) will accept offering up their API keys, as they are no longer being strong armed to do so. Lots of the opposition stems (imo) from the simple fact that people hate being strong armed into something (look in the miror eh), and they will oppose it on that ground alone.
Offer up an alternative - See what happens.
As a "finger in the ground test" you could simply offer that people contact you (EBANK staff) in your channel. It wouldnt require any extra coding work or similar. If you get overwhelmed, you can call it off again (as it was just a "test" afterall"). Then it's ofc back to the drawing board for another alternative (to API keys).
But honestly, I doubt you'd be overwhelmed. Doing it this way requires a bit of work on behalf of the account holder (tracking down a teller) afterall, so only those that vehemently oppose giving out their API key will bother, the rest will simply offer up their API key as that's the easier option.
As has been pointed out, theres only some 280 posts in this thread, and by far not that many different posters.
Some scammers (et al) might get away, but face it, you are not going to catch all of them anyhow. Only the really stupid ones.
Why not give it a try?
It would leave everyone happy.
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.24 16:49:00 -
[12]
Edited by: TornSoul on 24/11/2009 16:57:31
Originally by: Ray McCormack
Originally by: TornSoul Why not give it a try?
It doesn't supply me with one of the key requirements, access to the information about someone's alternative characters.
Correct - In those few (my postulate) cases where people chose to do it like I suggest. But with everyone else you will.
A few, of those few, might be scammers you'd really like to catch (but thus won't) But on the other hand, there will be scammers you won't catch with the API keys either.
So you are accepting (out of necessity, due to the mechanics of multiple accounts) that you won't catch all even with the API keys. Accepting not catching a few, of the few, using my suggestion doesnt seem that different.
Besides : You won't catch those *anyhow* (so it's not like you are letting someone get away that you could have cought otherwise) - If they got enough ISK at stake to warrant doing a character transfer....
EDIT : Hell, those prefering not to offer up their API key, and contact you directly instead : That could actually be an indicator to you to take an extra carefull look a their transaction history, to see if anything "funky" is going on.
If it's simply an alt of someone owing EBANK ISK, and who hasnt made any transactions, you won't be any the wiser ofc.
But as has been abundantly pointed out, nor will you with an API key check (due to the possibility of character transfers)
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.24 17:05:00 -
[13]
Edited by: TornSoul on 24/11/2009 17:07:10
Originally by: Ray McCormack TS, I thought on all these points when the requirement was first mentioned a few months back. However I am happy with the reasons for its justification despite the arguments against them.
I'm extremely sad to read that.
As I just *know* you would never accept it being done to yourself.
---
I guess theres a first time even for this.. Sigh.
/end
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.24 17:23:00 -
[14]
The real question is : Would Ray stand for trying to be forced to do something he would not like to do.
Answer (and I guarantee you this is correct) : No, he would most definitely not.
Hence : A hypocrit.
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.24 17:56:00 -
[15]
With freezing the accounts you had no choice - In order to achive the goal you selected (we spoke about this remember...)
You could have gone for another goal, but you chose this one (keeping EBANK alive), doing that you where left with no choice.
---
In this case, the goal you have chosen, actually leaves you with choices.
But for reason that defy logic, you have chosen to rule out all options except one (API key).
It has repeatedly been demonstrated here that the goal you are trying to achieve, *can not* (to it's fullest) be achieved with the chosen method (API key)
*And* alternative methods, that will allow you to achive just as much of the goal (as API key will), has been presented to you.
You however refuse to include these.
---
No Ray - The two situations are not similar.
Not by a long shot.
Blackmail, as mentioned, sadly fits the bill well.
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.25 14:02:00 -
[16]
It's looking more and more like a case of burning down the house in order to kill the c.ockroaches.
Killing the c.ockroaches I can agree with - But there are alternatives to burning down the house.
Current management refuses to acknowledge this unfortunatly.
I'm thus forced to change my, up until now supportive, opinion on current management.
Originally by: TornSoul - Retroactively demanding API keys, simply isn't acceptable.
*c.ockroaches is a banned word... sigh... /me shakes head BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.26 16:19:00 -
[17]
Originally by: Leneerra Should an api key exist that only supplies character names (and corp names and even corp history) then I would accept handing that key over to ebank under duress. (I would still consider it unethical, but a randsom worth paying for access to my account)
I would agree to this as well. However, as stated, under duress.
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.29 07:37:00 -
[18]
Originally by: Phoebe Halliwel
Originally by: Ray McCormack If there was a trusted third party that provided a granular level of access to the API like this we would be willing to use them as an alternative to providing us with your Limited API Key - providing certain technical conditions were met.
Is that an "if/maybe" or will Ebank actually take steps and approach people?
<snip> I don't know whether TS would want to get involved with this, but he has acquired a reputation for being a stickler for the rules (no offence intended).
Done.
Have a look at BLEEP
It works excactly like the EVE API - The only difference is the domainname (http://bleep.big-eve.com as opposed to http://api.eve-online.com)
The website itself still needs some finishing touches - But the functionality is there.
I think this should be very usefull for all those forums that requires a (Limited) EVE API key, to ascertain it's a valid EVE char signing up.
With this, people no longer need to expose more info than necessary.
I'll get a prober thread started for the service later. (I'll link it here when I get around to it)
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.29 08:12:00 -
[19]
Added a <bleep filtered="true" /> node, that gets added to the XML if BLEEP has touched the content in anyway (ie. removed chars from the output).
If people use the BLEEP key that shows all chars, this node will *not* be present.
This way you can check if you got all character info or not.
Will this suffice, or would you prefer a different mechanism?
BIG Lottery |
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.29 08:28:00 -
[20]
Edited by: TornSoul on 29/11/2009 08:34:01 This may or may not be usefull info for when you plan your code:
If BLEEP is supplied with a userID and/or apikey it can't find in the BLEEP DB, those values are passed straight on to the EVE API to deal with.
This means a: That EVE API takes care of any error messages (this was the main reason for this functionality) b: That if you give BLEEP your EVE API keys (instead of BLEEP keys) then those gets passed straight on to the EVE API - and thus a valid result is still returned (i.e. just as if you had called the EVE API directly)
The consequence of b) above is that coders dont have to distinquish between EVE API keys and BLEEP keys - Simply give them to BLEEP and you'll get the correct data regardless if it's actaully an EVE API key or a BLEEP key.
Ie. in your code you don't have to test for which URL to call.
Does that (explanation) make sense...
I think it's kinda neat
May or may not be helpfull - But there it is.
EDIT : And I'm errr going to bed now, so it will be some hours before I'll be able to reply to any questions. Been up all night doing this litte thing... Took a wee bit longer than anticipated - As always
BIG Lottery |
|
TornSoul
BIG Libertas Fidelitas
|
Posted - 2009.11.29 19:00:00 -
[21]
"Official" BLEEP thread
Use this for discussions about BLEEP (that aren't relevant to this thread as such)
BIG Lottery |
|
|
|