Pages: [1] 2 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Heikki
Gallente Wreckless Abandon The UnAssociated
|
Posted - 2007.01.03 12:21:00 -
[1]
What kind of reasonable methods one could use to reduce the chance of a recruit being a spy or would-be-scammer to an acceptable level?
I believe it is impossible to totally safe from spies or traitors, yet would like to see our world having more friendlier policies than 'invitation only' type of corps can provide.
Most methods I've figured deal with concept of 'wastefulnes' (char being a throw-away alt), and of the reputation. Rest of the mail has list of some checks I've found useful, none of which are alone meant to be decisive element. Anyone got some more, or critics against usefulness of these?
- Does the character have NPC standings consistent to his backstory?. Rrunning missions, or killing even a single NPC will leave track. Hardly any standings usually implies the char being an alt, either skilless alt for scamming, or someone's dormant industrial alt.
- Is he able to provide screenshot of his skilltree? Preferably one showing your current convo, and fast enough to prevent photoshopping.
- Does the fellow have plausible motive for joining your type of corporation/alliance?
- Does search through http://www.eve-search.com indicate some (provable) problems with the character's reputation? Personally I believe that the reputation should be taken in the account even if the char was later sold.
- Everyone has, or can instantly create, 2 alts. Does the recruit have problems in convoing you with these two extra alts, or do these alts have any reputation problems?
- Does his employment history show a lot of corp-hopping (only few months in each corp), and if so, is there some good reason for that?
- Does his ex-CEOs have something to say about him? Or does he have some other preferred referral contacts? Usually when I've evemailed to couple previous ex-CEOs, the response rate has been pretty high, and comments useful.
- Does he have workable real life contact points? Email, MSN, homepages, blogs, etc. In the end we are always recruiting a person in to a community, rather than just the char.
And to help these checks further: if you spot a scammer/thief/spy, please post a warning to eve-online. Perhaps even after you spotted a recruit candinate outright lying.
Probably should (one day) have separate topic for post-recruitment methods (keeping internal records of alt-relations, activity notes, etc).
-Lasse with slight paranoia
|
Del369
Caldari Office linebackers Center for Disease Creation
|
Posted - 2007.01.03 12:32:00 -
[2]
Wise paranoia until CCP realise that the glories of being a pathetic sociopath need to be countered by the possibility of punishment, and right now they seem blinded by Jonny Depps eye patch. Screen shot of the login screen showing all 3 chars. Screenshot of the wallet, specially showing player donations. and everything you just mentioned. our corp would love to recruit, but until CCP stumble into the clue post and reward teamwork and trust i don't think thats gonna be happening. make sure you leave no Corp shares in the Corp wallet, get them all out of there, seems theres another easter egg CCP left, as in making some seemingly minor roles give full access to the Corp wallet, don't remember which ones off hand, but its nasty.
Originally by: Wrangler That is an outright lie! We don't want to discriminate anyone! We want *both* anti-social *and* social players to grief each other!
|
quellious
COLSUP Tau Ceti Federation
|
Posted - 2007.01.03 12:43:00 -
[3]
'the beer test' :
If one really need POS manager rights, drink several beers and discuss eve geopolitics before ... :)
Basically, you need a small group of very trustable player to manager sensitive assets.
Lastly, information leak can come also from people that were no spyes when they entered your alliance or corp. I had several char in convo selling informations during conflict, because either they had too few isk, either they were about to leave their current corp and dont care about reputation. Just make your members happy and proud about what their corporation. - > Order Falcon & Pilgrim > Colsup |
skilzrulz
Gallente
|
Posted - 2007.01.03 13:01:00 -
[4]
Or you could use the patented Heikki method and smartbomb them in the face.
|
Butter Dog
Wreckless Abandon The UnAssociated
|
Posted - 2007.01.03 13:44:00 -
[5]
Edited by: Butter Dog on 03/01/2007 13:45:27
I think part of the problem is that some spies are simply impossible to detect, if they are good. There would be nothing to distinguish them from 'real' pilots, at least during the stage where they are gaining trust and deeper access into the organisation.
Trust is hard to gain, and very easy to betray. A good spy knows that he should wait for his moment.
Of course, you can fight fire with fire... and use your own spies against enemies. But what if they become double agents, feeding back false intel whilst claiming a paycheck from the very organisation you sent them to spy on.
Paranoia is a very powerful thing. It can become crippling, it can destroy corporations. Most people are not spies, and you have to build a corporation accepting this fact, but introducting sufficient safe guards so that people really have to work for hangar access, POS rights etc.
I guess it comes down to damage limitation.
|
thoradh
AirHawk Alliance Freelancer Alliance
|
Posted - 2007.01.03 13:49:00 -
[6]
Originally by: Del369 Wise paranoia until CCP realise that the glories of being a pathetic sociopath need to be countered by the possibility of punishment, and right now they seem blinded by Jonny Depps eye patch.
absolutely spot on
The consequences are whats missing, there is no mechanism to identify and/or eradicate the dirty little spy, and considering the risks that would entail for any spy, it would surely add another layer of intrigue and risk vs reward into the game. > > Noli illegitimi carborundum! > |
Weebear
Celestial Horizon Corp. Ascendant Frontier
|
Posted - 2007.01.03 13:56:00 -
[7]
Edited by: Weebear on 03/01/2007 14:04:47 Those are all a good start. Although all easily circumvented if you are determined enough to gain access to a particular corp.
You would be surprised how many people you can catch out just by dropping in to the convo "Sorry, we have to refuse your application as we have evidence you scam / spy / are a bit of an idiot"
For screenshots, get the user to take them in window mode with the system clock showing. Also place a time limit on how long they have to reply.
I'm sure I probably have been conned into accepting apps, but we did try.
EDIT: Our recruitment has been closed for a while now, I'm not sure if the member tracker is a grantable role or if it is just the CEO. small to Medium corps should be able to make good use of that, although at CLS's largest it would have been a nightmare.
|
Irrilian
Eve University Ivy League
|
Posted - 2007.01.03 14:01:00 -
[8]
Though its more aimed at adding some risk and consequence to thievery and scams, Ive harped on about the need to be able to follow money/item movements here: ôMy name's Marlowe. General Sternwood wanted to see me.ö.
Risk vs reward for scams and thievery |
Zimi Vlasic
F.R.E.E. Explorer EVE Animal Control
|
Posted - 2007.01.03 14:09:00 -
[9]
Edited by: Zimi Vlasic on 03/01/2007 14:11:00
Originally by: Weebear Edited by: Weebear on 03/01/2007 14:04:47 Those are all a good start. Although all easily circumvented if you are determined enough to gain access to a particular corp.
You would be surprised how many people you can catch out just by dropping in to the convo "Sorry, we have to refuse your application as we have evidence you scam / spy / are a bit of an idiot"
For screenshots, get the user to take them in window mode with the system clock showing. Also place a time limit on how long they have to reply.
I'm sure I probably have been conned into accepting apps, but we did try.
EDIT: Our recruitment has been closed for a while now, I'm not sure if the member tracker is a grantable role or if it is just the CEO. small to Medium corps should be able to make good use of that, although at CLS's largest it would have been a nightmare.
The member tracker is a director's level tool, and I make extensive use of it :D
It always helps to know when and where new members are.
Find Roid, Examine, and Excavate Explorer |
DeWieKat
Xenobytes Against ALL Authorities
|
Posted - 2007.01.03 14:19:00 -
[10]
Edited by: DeWieKat on 03/01/2007 14:20:19 Edited by: DeWieKat on 03/01/2007 14:19:31 well, before to start discussion "how to prevent" u should first think of possible motivation of a spy. what moves a person to play on both/several sides? is he loyal to one side and does intelligence work on the other? or is it kinda feeling of superiority, maybe he gets a hard-on by cheating both to improve personal goals.. if u think about that first u might figure out a certain character propeties or obvios behavior...
well, those are my 2 cents.
edited spelling
|
|
Zimi Vlasic
F.R.E.E. Explorer EVE Animal Control
|
Posted - 2007.01.03 14:23:00 -
[11]
The reality is that there's actually only 10 real people that play eve. 10 people with thousands of alts, all trying to screw each-other over!
Find Roid, Examine, and Excavate Explorer |
Weebear
Celestial Horizon Corp. Ascendant Frontier
|
Posted - 2007.01.03 14:27:00 -
[12]
Pity, our recruiters were not all director level. I wasted a fortune on locator agents for people I was overly suspicious of as well :P
Seriously though, how difficult to make it a grantable role. So many ways that the recruitment process could be improved by CCP with very little effort :/ |
Joshua Foiritain
Gallente Coreli Corporation Corelum Syndicate
|
Posted - 2007.01.03 14:33:00 -
[13]
Originally by: Butter Dog I think part of the problem is that some spies are simply impossible to detect, if they are good. There would be nothing to distinguish them from 'real' pilots, at least during the stage where they are gaining trust and deeper access into the organization.
Good spy's ARE real pilots. They've got their own account, are several months old and trained to do something useful, theyre played as if they're primary accounts and they have all the real life info you could possibly want (Email, msn, Fake name, country of residence, etc).
The only way you can find one of these is by getting lucky, if the guy got busted during corp theft/sabotage his previous CEO(s) will be bale to tell you, if he didn't screw up then theres nothing that can stop him. -----
[Coreli Corporation Mainframe] |
Myadra
Amarr Blood Inquisition Sani Khal'Vecna
|
Posted - 2007.01.03 14:42:00 -
[14]
Edited by: Myadra on 03/01/2007 14:50:03
Some nice tips there, but why not recruite people you know are spys anyway?, & get them to do the grunt work, nothing like getting the enemy working for you? :)
As long as they're only on ts for that wing, when running gangs, of fleet, and FC's / High command only know whats going on not much they can do, and minimal hanger roles, and limited forum access, it might be good policy to accept spy's, cause you'll get them anyway, but you can just work them so hard, mining and hauling trit for you, till they quite eve on their mains too... all corps end up riddled with spys anyway.. if your smart about how you run your corp/alliance it won't effect your operations much
BL-IN site & Killboard |
Crucifier
The Collective Against ALL Authorities
|
Posted - 2007.01.03 14:53:00 -
[15]
Have him send you a screenshot of his wallet with "donations" showing up ------
|
aeti
Band of Brothers
|
Posted - 2007.01.03 15:11:00 -
[16]
Tie them up in a bag and throw them into a lake for 10mins
if they float, they are a spy.
|
Grimpak
Gallente Twisted Attitude
|
Posted - 2007.01.03 15:21:00 -
[17]
Edited by: Grimpak on 03/01/2007 15:25:18 first rule I've learned in EVE was that you cannot be paranoid enough -------
Originally by: Tiuwaz for caldari perception weapons that hit up to 100km are short range weapons
|
Butter Dog
Wreckless Abandon The UnAssociated
|
Posted - 2007.01.03 17:54:00 -
[18]
Originally by: Crucifier Have him send you a screenshot of his wallet with "donations" showing up
I rather like this one...
---------- I'm selling: Gotans Modified Stasis Web |
Von Zarovick
The Collective Against ALL Authorities
|
Posted - 2007.01.03 18:06:00 -
[19]
Making the character post a screenshot of Journal in wallet under player donations might also be usefull.
|
Dirtball
Kemono.
|
Posted - 2007.01.03 19:03:00 -
[20]
Buy new char, use gtcs top pay for char so its not rl money wasted.
Its wayyyyy to easy to make spys if you have isk. More spys = more isk, just dont get them "all" kicked out for fabricating killmails to buy hacs so that you can give them to your main.
Sig removed, lacks Eve-related content. If you would like further details please mail [email protected] - Cortes |
|
Futher Bezluden
Minmatar Red Dwarf Mining Corps
|
Posted - 2007.01.03 19:59:00 -
[21]
Ask for Screenshots of "Wallet/Journal: Player Donations" as well. Most alts have had money transferred to them. Might want to ask for TRADE screenie as well.
Not sure how well this will weed out the serious infiltrator, but worth a shot. THUKKER -Be Paranoid
|
Lorth
Body Count Inc. Mercenary Coalition
|
Posted - 2007.01.03 20:02:00 -
[22]
BDCI's excluzive team of Ninja pirate squireles, keep us free and clear fo spys.
|
Crucifier
The Collective Against ALL Authorities
|
Posted - 2007.01.03 20:03:00 -
[23]
Originally by: Futher Bezluden Ask for Screenshots of "Wallet/Journal: Player Donations" as well. Most alts have had money transferred to them. Might want to ask for TRADE screenie as well.
Not sure how well this will weed out the serious infiltrator, but worth a shot.
Already been sayd twice ------
|
Gunstar Zero
Caldari Reikoku Band of Brothers
|
Posted - 2007.01.03 20:23:00 -
[24]
Edited by: Gunstar Zero on 03/01/2007 20:23:26 - look up their last ten posts on the forums
|
blkmajik
ZiTek Prime Orbital Systems
|
Posted - 2007.01.03 22:39:00 -
[25]
Edited by: blkmajik on 03/01/2007 22:41:16 I put lots of thought into this a few months ago Here is what I came up with, but I never really shared it:
1) Screenshot of recruit's character selection screen. 2) Screenshot of recruit's client login window with login dropdown extended to show other accounts used. 3) Secured VNC server on recruit's PC during trial period to allow recruiter to: a) Look for other EVE installs to conceal other accounts. b) Look at web browser history/cache/cookies to find forum access to hostile corps/alliances c) Investigate local network for potential of other systems running other clients, and possibly run random packetdumps looking for EVE connections from other sources on the network (may request VNC on other systems found in case of a home network and suspicion). d) Look at wallet history, evemail, contacts, shares, player trade signs, where assets are located, etc for other signs (player must be logged in for this). e) Look at EVE cache chatlogs and gamelogs to find player trades, private channels, and convos the player has been involved in since last cache clear. d) (optional, if there are serious suspicions) Scan the filesystem MFT records (in NTFS at least) for deleted files. If anything relating to another eve install or cache cleaning was detected in a short time from the app date, be suspicious and maybe even try to recover some of these files for investigation.
(Best practice for VNC server: encrypt with stunnel and use a unique and strong password per recruit that only the recruiter and the recruit know. I prefer OpenVNC beta as a server. Also, the recruiter's home IP will be exposed, so they should also take extra precautions to lock down their system and network.)
Most of the VNC in-game stuff could be done with screenshots, but its a LOT of screenshots and if you pass the first two steps and you need to install VNC anyway, so it just makes things easier. And with VNC, if you find proof someone is a spy, you have the option to really scam the scammer, hard core!
In the initial screen shots, suggest having them run windowed mode with odd stuff in the background like a picture of a walrus and a picture of a chimpanzee or something else silly, and give them a 3 minute window to provide it via a fixed method (ie: printscreen pasted to MSPaint saved as a 32bit bmp and emailed). Don't use a standard system asking the same thing from everyone, as if the requirements are static, they can be leaked and photoshoped ahead of time.
Timestamps of the image file and other metatdata in the image are also good signs. A lot of photo editors leave fingerprints in the image metadata. Many image formats leave lots of nice things in EXIF tags, too.
Yes, this is extreme. Some legit candidates might get scared off due to privacy concerns. Without a good reputation, don't expect many recruits to let you implement a recruitment process like this. For serious corps with valuable assets and meaningful communications worth protecting, the recruit's gains will be worth the extra effort. As for trust, the recruit is asking your corp to trust them with access and inclusion to all private matters. I don't think its too much to ask them for access to some of their information as well, at least for a temporary period. Oh, and you have to pretty much have a forensics expert be involved in your recruiting process, which I don't think most corps have
Can it still be fooled? Sure, but its much more difficult. Is it a good practice for a corp with open recruitment? No, for obvious reasons.... but as I said, there isn't much of a good alternative
I don't think having your only option be this extreme and only for a moderate level of security is a good thing. It would be nice to implement a feature to allow directors the option to request to view things like a member's wallet transactions, correspondence, etc in-game. To bad
|
Dal Thrax
Caldari House Of Troy
|
Posted - 2007.01.03 23:03:00 -
[26]
Originally by: Heikki What kind of reasonable methods one could use to reduce the chance of a recruit being a spy or would-be-scammer to an acceptable level?
I believe it is impossible to totally safe from spies or traitors, yet would like to see our world having more friendlier policies than 'invitation only' type of corps can provide.
Most methods I've figured deal with concept of 'wastefulnes' (char being a throw-away alt), and of the reputation. Rest of the mail has list of some checks I've found useful, none of which are alone meant to be decisive element. Anyone got some more, or critics against usefulness of these?
- Does the character have NPC standings consistent to his backstory?. Rrunning missions, or killing even a single NPC will leave track. Hardly any standings usually implies the char being an alt, either skilless alt for scamming, or someone's dormant industrial alt.
- Is he able to provide screenshot of his skilltree? Preferably one showing your current convo, and fast enough to prevent photoshopping.
- Does the fellow have plausible motive for joining your type of corporation/alliance?
- Does search through http://www.eve-search.com indicate some (provable) problems with the character's reputation? Personally I believe that the reputation should be taken in the account even if the char was later sold.
- Everyone has, or can instantly create, 2 alts. Does the recruit have problems in convoing you with these two extra alts, or do these alts have any reputation problems?
- Does his employment history show a lot of corp-hopping (only few months in each corp), and if so, is there some good reason for that?
- Does his ex-CEOs have something to say about him? Or does he have some other preferred referral contacts? Usually when I've evemailed to couple previous ex-CEOs, the response rate has been pretty high, and comments useful.
- Does he have workable real life contact points? Email, MSN, homepages, blogs, etc. In the end we are always recruiting a person in to a community, rather than just the char.
And to help these checks further: if you spot a scammer/thief/spy, please post a warning to eve-online. Perhaps even after you spotted a recruit candinate outright lying.
Probably should (one day) have separate topic for post-recruitment methods (keeping internal records of alt-relations, activity notes, etc).
-Lasse with slight paranoia
Have him fax or e-mail you a real world NDA (non-disclosure agreement).
|
ollobrains
Privateers Privateer Alliance
|
Posted - 2007.01.03 23:17:00 -
[27]
to the guy using VNC software to check the other guys computer - u will find u are a) breaking the rules of eve via EULA regarding privacy issues b) liable for account ban c) may also be liable in RL under various privacy laws etc
U might want to be very careful screenshots are fine yes but tracking software and remotley checking cookies etc could lead u to RL legal issues u might want to check with CCP or u could find youreself being sued for quite large $$$ amounts if the recruits account was hacked or computer was hacked.
Just something to consider.
Id like to hear CCPs view on this plus also anyone in the legal area with regards to privacy breaches
|
Joshua Foiritain
Gallente Coreli Corporation Corelum Syndicate
|
Posted - 2007.01.03 23:23:00 -
[28]
Originally by: Crucifier Have him send you a screenshot of his wallet with "donations" showing up
Select Acceleration gate fee, hit load, "No Records Found", select "Player Donations", Take screenshot. Done -----
[Coreli Corporation Mainframe] |
Shirei
Minmatar Cutting Edge Incorporated
|
Posted - 2007.01.03 23:23:00 -
[29]
Originally by: blkmajik
2) Screenshot of recruit's client login window with login dropdown extended to show other accounts used.
Quite a few corps ask for this, but CCP sees it as a breach of the EULA (you are asking people to transmit part of their login details, which is prohibited), so expect to get warnings, if people petition you for it.
As for the whole 'yeah, let me monitor your PC for a week' thing - LOL. First of all it's not that hard to circumvent, if you put your mind to it (e.g. only install it on some notebook you don't use much, use VMWare or something of the sort). And secondly I don't think anyone would be dumb enough to give you access to large amounts of RL personal information to get into some corp they barely know in a game. I certainly wouldn't want some random guy I've never met or talked to snooping around in my account statements etc..
|
ollobrains
Privateers Privateer Alliance
|
Posted - 2007.01.03 23:27:00 -
[30]
Originally by: Shirei
Originally by: blkmajik
2) Screenshot of recruit's client login window with login dropdown extended to show other accounts used.
Quite a few corps ask for this, but CCP sees it as a breach of the EULA (you are asking people to transmit part of their login details, which is prohibited), so expect to get warnings, if people petition you for it.
As for the whole 'yeah, let me monitor your PC for a week' thing - LOL. First of all it's not that hard to circumvent, if you put your mind to it (e.g. only install it on some notebook you don't use much, use VMWare or something of the sort). And secondly I don't think anyone would be dumb enough to give you access to large amounts of RL personal information to get into some corp they barely know in a game. I certainly wouldn't want some random guy I've never met or talked to snooping around in my account statements etc..
i can see it now ppl applying to join POS and when asked to give details such as those said in this thread breaking the EULA and then petitiioning CCP
Prime orbital systems recruitment guys may want to review their recruitment procedures as tbh numerous EULA breaches and perhaps legal breaches regarding remote monitoring software - u would probably actually need real world legal Non disclosure agreements and complex legal agreements to be able to pull it off.
|
|
|
|
|
Pages: [1] 2 :: one page |
First page | Previous page | Next page | Last page |