| Pages: [1] 2 :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
TheTradeMonkey
University of Caille
Gallente Federation
0
   |
Posted - 2012.01.10 09:34:00 -
[1] - Quote
I'm talking about a situation where a CEO asks for one in an effort to increase corp security and it seems alot of people would rather leave a corp than hand over their API.
I could understand an unease about handing it over if it allows the CEO to see wallet transactions if you're a trader but then any corp that used that information is pretty ******.
I can understand not wanting people to read your evemails either which I think you can do with the new one (although I'm not entirely sure).
If it lets someone see you other characters, skill sheet, skill queue, whoGÇÖs been sending you isk etc
It can tell a CEO what alts you have, whether you know what youGÇÖre doing when it comes to skilling if you're being funded by another character.
but beyond that, what's the big deal?
not trolling, genuinely want to know as I'm failing to see the other side of the coin. |
Valei Khurelem
129
|
Posted - 2012.01.10 09:41:00 -
[2] - Quote
Some people just take this game too seriously. |
Abdiel Kavash
Paladin Order
Fidelas Constans
297
|
Posted - 2012.01.10 10:13:00 -
[3] - Quote
Some people are bad spies and can't cover up their tracks. |
Endeavour Starfleet
Center for Advanced Studies
Gallente Federation
531
|
Posted - 2012.01.10 10:34:00 -
[4] - Quote
While it may expose the dumbest of spies. Full API is nothing but an invasion into the activities of the member involved. Some people communicate with friends over EVEmail. Or are considering other corps. Only a pure idiot would do spy communications via the character in the corp.
Also I suspect a growing want of the keys is to detect if members purchase alts from the Eve forum to run things like incursions with. They are losing the ability to have direct control over their memberbase so demanding full API is one of their attempts of establishing their version of Order. Which is of course the ole "Come to the CTA or log the **** out"
If my main joins a corp. Said corp gets a limited key to check for skills and basic info and that is it. I am willing to be a bit more lenient on smaller corps if I join as they don't have the resources to help isolate spies as much. But a full API is simply out of the question.
This is one of the reasons I hope CCP implements a modular corp and POS system in the future. Once demand for members is up due to the lesser security risk. This bs about full API will mostly vanish.
Edit:
Quote:If it lets someone see you other characters, skill sheet, skill queue, whoGÇÖs been sending you isk etc
It can tell a CEO what alts you have, whether you know what youGÇÖre doing when it comes to skilling if you're being funded by another character.
That is none of your business. Said alts are not joining your corp. And people may want to keep them hidden to serve as a means to make funds when in combat elsewhere. |
March rabbit
Ganse
Shadow of xXDEATHXx
106
|
Posted - 2012.01.10 10:46:00 -
[5] - Quote
Endeavour Starfleet wrote:Quote:If it lets someone see you other characters, skill sheet, skill queue, whoGÇÖs been sending you isk etc
It can tell a CEO what alts you have, whether you know what youGÇÖre doing when it comes to skilling if you're being funded by another character. That is none of your business. Said alts are not joining your corp. And people may want to keep them hidden to serve as a means to make funds when in combat elsewhere.
let's say: you join corp with one of your alts and second alt is in other corp. Let's say these corps are red to each other. Or they are in 0.0 and in "non-blue" alliances to each other.
Still non of CEO's business? |
Thorn Galen
Bene Gesserit ChapterHouse
Sanctuary Pact
342
|
Posted - 2012.01.10 10:47:00 -
[6] - Quote
The only API details any Corp. should ever need from their members is the Limited API key. Charac ter Sheet, Skills, Skillqueue.
Anything beyond that is an invasion of privacy and is also open to abuse.
Edit : There are other, far better ways of determining if you have spies in your Corp or not.
Going the Full API route is ludricous.
o/
The universe is an ancient desert, a vast wasteland with only occasional habitable planets as oases. We Fremen, comfortable with deserts, shall now venture into another. - STILGAR, From the Sietch to the Stars. |
TheTradeMonkey
University of Caille
Gallente Federation
0
|
Posted - 2012.01.10 11:07:00 -
[7] - Quote
Thorn Galen wrote:Edit : There are other, far better ways of determining if you have spies in your Corp or not.
Going the Full API route is ludricous.
o/
Care to expand on this?
I'd be interested to hear about other ways.
short of "duping" a spy into doing something stupid |
Endeavour Starfleet
Center for Advanced Studies
Gallente Federation
532
|
Posted - 2012.01.10 11:07:00 -
[8] - Quote
March rabbit wrote:Endeavour Starfleet wrote:Quote:If it lets someone see you other characters, skill sheet, skill queue, whoGÇÖs been sending you isk etc
It can tell a CEO what alts you have, whether you know what youGÇÖre doing when it comes to skilling if you're being funded by another character. That is none of your business. Said alts are not joining your corp. And people may want to keep them hidden to serve as a means to make funds when in combat elsewhere. let's say: you join corp with one of your alts and second alt is in other corp. Let's say these corps are red to each other. Or they are in 0.0 and in "non-blue" alliances to each other. Still non of CEO's business?
Yes.
If said player was serious about playing both sides then it is called having 2 accounts. It is none of your business to be able to see if the player has bought an incursion alt or wants to run a small SP alt in a hisec corp. |
Endeavour Starfleet
Center for Advanced Studies
Gallente Federation
532
|
Posted - 2012.01.10 11:10:00 -
[9] - Quote
TheTradeMonkey wrote:Thorn Galen wrote:Edit : There are other, far better ways of determining if you have spies in your Corp or not.
Going the Full API route is ludricous.
o/ Care to expand on this? I'd be interested to hear about other ways. short of "duping" a spy into doing something stupid
What makes you think a serious spy is going to leave something that a full API can detect? Besides any alliance worth its name knows that the moment you come up with something that you say over any communication. The enemy knows about it. Spies are everywhere.
It is not about spy control it is about member control. |
Thorn Galen
Bene Gesserit ChapterHouse
Sanctuary Pact
342
|
Posted - 2012.01.10 11:14:00 -
[10] - Quote
Endeavour Starfleet wrote:What makes you think a serious spy is going to leave something that a full API can detect? Besides any alliance worth its name knows that the moment you come up with something that you say over any communication. The enemy knows about it. Spies are everywhere.
It is not about spy control it is about member control.
Quoted for truth. It's about member control and recruitment policy.
o/
The universe is an ancient desert, a vast wasteland with only occasional habitable planets as oases. We Fremen, comfortable with deserts, shall now venture into another. - STILGAR, From the Sietch to the Stars. |
March rabbit
Ganse
Shadow of xXDEATHXx
106
|
Posted - 2012.01.10 11:15:00 -
[11] - Quote
Endeavour Starfleet wrote:March rabbit wrote:Endeavour Starfleet wrote:Quote:If it lets someone see you other characters, skill sheet, skill queue, whoGÇÖs been sending you isk etc
It can tell a CEO what alts you have, whether you know what youGÇÖre doing when it comes to skilling if you're being funded by another character. That is none of your business. Said alts are not joining your corp. And people may want to keep them hidden to serve as a means to make funds when in combat elsewhere. let's say: you join corp with one of your alts and second alt is in other corp. Let's say these corps are red to each other. Or they are in 0.0 and in "non-blue" alliances to each other. Still non of CEO's business? If said player was serious about playing both sides then it is called SPYING
fixed for you. And no. This IS NOT outside of CEO business.
well. you have never had situations when your enemy knows every ship, fit and move of your fleet?
I have had it few times. This is real pain i would say. When you loose battle before start just because of some ****** spy in your corp/alliance. When your every command on comms is known to your opponent.
Maybe some day you will understand it.... When you start to play MULTIPLAYER Eve and not only INCURSION Online. |
TheTradeMonkey
University of Caille
Gallente Federation
0
|
Posted - 2012.01.10 11:20:00 -
[12] - Quote
Endeavour Starfleet wrote:
a serious spy
Is that you agreeing that it serves the purpose of filtering out terrible\lolspys ?
Obviously a serious spy would cover it's tracks much better than others but there are some who would transfer isk directly to their spy alt (because it's easy) etc and if it weeds out them then it's doing a job.
It's not about invasion or privacy, it's more about making corp life safer and more fun for corp members.
I'm talking about this from a smaller (sub 50 players) empire\low sec corp rather than a 0.0 alliance level.
How would you go about weeding out spys then? |
Endeavour Starfleet
Center for Advanced Studies
Gallente Federation
532
|
Posted - 2012.01.10 11:22:00 -
[13] - Quote
Been in nullsec multiple times, dealt with spy issues, shot crap for hours and had a few good fights. It is not just about incursions for me. (Ever saw my topic about adding balance to cloaking?)
Again if they are a serious spy they will have multiple accounts.
Of course I am not saying anything should force you to accept anything less than full api. However I do think people willingness to let you invade their in game privacy is due to the broken system of Corp and POS management. With that fixed there will be more corps that will take members for the standard skillsheet check. And those that demand full API will be less popular.
TheTradeMonkey wrote:Endeavour Starfleet wrote:
a serious spy
Is that you agreeing that it serves the purpose of filtering out terrible\lolspys ? Obviously a serious spy would cover it's tracks much better than others but there are some who would transfer isk directly to their spy alt (because it's easy) etc and if it weeds out them then it's doing a job. It's not about invasion or privacy, it's more about making corp life safer and more fun for corp members. I'm talking about this from a smaller (sub 50 players) empire\low sec corp rather than a 0.0 alliance level. How would you go about weeding out spys then?
Sounds like you have recently changed to a "demand full api" system and are shocked that members are leaving your small corp. It is called you have no incentive for them to stay and the issue of prying into their in game privacy. That is not a winning combination for a corp.
You arent weeding out spiez. You are weeding out members saying "My character is too old for this ****" |
TheTradeMonkey
University of Caille
Gallente Federation
0
|
Posted - 2012.01.10 11:43:00 -
[14] - Quote
Endeavour Starfleet wrote:
Sounds like you have recently changed to a "demand full api" system
It's not even a full api request, it was for an incredibly limited api (character list\skill sheet).
I'm trying to get my head round the mind set of it all and in all honesty, I'm struggling.
The question still stands though, how do you filter for spys?
oh and bar "reading my eve mails" I've not heard much that makes me buy into this "OMFG API AAAHHHH"
Also, what corp pos thing? |
Zowie Powers
Hole in the wall
38
|
Posted - 2012.01.10 12:04:00 -
[15] - Quote
You are taking the same risk they are.
Don't give them anything unless they are prepared to give you the same info on all the members.
After all, they can't claim they don't have them, otherwise, why is he singling you out for scrutiny and never them?
Stand your ground, the CEO is only exercising the small piece of power he has in his existence. It's pretty understandable. He probably thinks the 1s and 0s he stored on CCP's computers have some value. It's kinda of cute really. When you think about it. Poor guy. |
Ursula LeGuinn
29
|
Posted - 2012.01.10 12:14:00 -
[16] - Quote
TheTradeMonkey wrote:[quote=Endeavour Starfleet]I'm trying to get my head round the mind set of it all and in all honesty, I'm struggling.
Some people simply enjoy their privacy. I don't want anyone reading all of my mail messages. There's nothing incriminating in there that I know of, but I have years' worth of messages saved and I don't want people prying. I don't want them seeing my assets, my finances, my contacts, everything.
Speaking of contacts, what if I have personal friends from 2007 (I actually do) who are now in various nullsec alliances (many actually are), some of which might be red to the corp/alliance I'm trying to join? Do I need to make sure they're red or delete them?
If I wanted to join a corp/alliance and they demanded a full API, I'd probably give it to them, since I know I have nothing to hide. It's just bothersome that CCP has devised and implemented a system that allows player leaders to demand and expect full access to every aspect of someone's character.
"The EVE forums are intended to provide a warm, friendly atmosphere for the EVE community."-áGÇö-áEVElopedia |
MatrixSkye Mk2
Republic University
Minmatar Republic
122
|
Posted - 2012.01.10 12:23:00 -
[17] - Quote
Zowie Powers wrote:You are taking the same risk they are.
Don't give them anything unless they are prepared to give you the same info on all the members.
After all, they can't claim they don't have them, otherwise, why is he singling you out for scrutiny and never them?
Stand your ground, the CEO is only exercising the small piece of power he has in his existence. It's pretty understandable. He probably thinks the 1s and 0s he stored on CCP's computers have some value. It's kinda of cute really. When you think about it. Poor guy.
If they have no value then why is the CEO so interested in obtaining these "1's and 0's"?
I've found that those spouting "1'a and 0's" have no value are usually the folks that value them the most. Go figure. |
Florestan Bronstein
United Highsec Front
The 99 Percent
363
|
Posted - 2012.01.10 12:24:00 -
[18] - Quote
TheTradeMonkey wrote:
The question still stands though, how do you filter for spys?
aside from API:
forum search - special attention to character bazaar and Timecode Bazaar.
checking employment history - maybe there are some alt corps in there? evewho is great for this sort of thing
checking contracts history - not complete but it might give you some pointers
checking killboards - who did he fly with? who did he kill?
If you have your own spies inside entities that you suspect to spy on you you can also do interesting stuff like
* watermarking important forum posts/announcements to trace leaks (look for the PL forum mirror it has some nice info on this: idea is that you display different versions of the same post to each viewer, e.g. by automatically replacing some characters with equally looking but different unicode characters based on the viewer's forum userid; or by offering different combinations of synonyms - e.g. four words with one possible synonym for each gives you 16 different versions of the forum post which already cuts down the number of people you suspect of having leaked the post considerably)
* harvesting IPs, e.g. post a link to some funny image hosted on a server you have access to on your enemies' forum, log IPs & timestamps which access that image, try to connect them to characters that replied to your post, compare to your own people's IPs that you harvested through your TeamSpeak server.
(or have your spy post a link to your file during some roam, that way you know pretty well who has clicked it, try to correlate IPs with characters by e.g. using the country information displayed by TeamSpeak; If there is only one German in the roam the German IP is probably him).
Also use voicecomms logs to look for people who listen in on ops but don't participate (or people who only log in for pvp ops). Check IPs that access your own forums or voicecomms for obvious proxies/VPN providers.
* ... |
Skydell
Space Mermaids
93
|
Posted - 2012.01.10 12:29:00 -
[19] - Quote
Thorn Galen wrote:The only API details any Corp. should ever need from their members is the Limited API key. Charac ter Sheet, Skills, Skillqueue.
Anything beyond that is an invasion of privacy and is also open to abuse.
Edit : There are other, far better ways of determining if you have spies in your Corp or not.
Going the Full API route is ludricous.
o/
This is the only one I have ever been asked about.
I give coprs and alliances my API simply because A: I can change it if I leave the corp anf B: If I'm a serious spy the infiltration will happen with a new account. API request is a feeble attempt to confront the gaping holes put in the game with meta gaming. It really doesn't do anything to prevent it. You know the saying, Locks are for honest people? Same is true if spies, if they want in they will find a way.
|
Mara Rinn
Cosmic Industrial Complex
Cosmic Consortium
898
|
Posted - 2012.01.10 12:35:00 -
[20] - Quote
TheTradeMonkey wrote:How would you go about weeding out spys then?
Full API keys make it easier to infiltrate corporations. They get Full API key, suddenly they feel more confident that you're not a spy, even though you are. They can go through assets and wallet journals with a fine toothed comb, search for nonexistent killmails, search for nonexistent forum posts, perform forensic accounting until the cows come home. The fact that your pirate alt is on a different account never shows up on the API search.
Full API key auditing is security theatre. It will only ever weed out the truly incompetent spies.
Of course, having finer grained control over who is allowed to do what with which corporate asset would make life much easier for everyone. At this POS, you can submit private research jobs which will get delivered back to your own hangar! At that POS you have no access to anything. At the other POS you can submit manufacturing jobs, and none of the POSes let you see what other people are researching/inventing/manufacturing.
And you certainly can't touch the Ragnarok BPO that the CEO is doing ME research on.
|
Ursula LeGuinn
31
|
Posted - 2012.01.10 12:47:00 -
[21] - Quote
Florestan Bronstein wrote:***a whole bunch of stuff***
That's some pretty impressive spycraft you outlined right there.
"The EVE forums are intended to provide a warm, friendly atmosphere for the EVE community."-áGÇö-áEVElopedia |
Florestan Bronstein
United Highsec Front
The 99 Percent
365
|
Posted - 2012.01.10 12:54:00 -
[22] - Quote
Ursula LeGuinn wrote:Florestan Bronstein wrote:***a whole bunch of stuff*** That's some pretty impressive spycraft you outlined right there.
http://jdel.eu/pandemic/forums/forum-123-.html
check the Phantom Works subsections. |
Ursula LeGuinn
31
|
Posted - 2012.01.10 13:03:00 -
[23] - Quote
Florestan Bronstein wrote:
On the one hand, I love the fact that EVE creates these layers of secrecy, paranoia and shady activity, although I'm sure it annoys people who'd rather not deal with it at all.
It's too bad so much of it is necessarily meta-game, though.
"The EVE forums are intended to provide a warm, friendly atmosphere for the EVE community."-áGÇö-áEVElopedia |
Mr Kidd
Center for Advanced Studies
Gallente Federation
347
|
Posted - 2012.01.10 14:14:00 -
[24] - Quote
Full API access is invasion of one's in-game privacy. The idea that the CEO is going to conduct or pay someone to conduct an investigation utilizing all that information is ludicrous, especially for every member of the corp. In order to do such an investigation you're talking about looking at all facets of information in that API for patterns in activities that indicate such, investigating possibly hundreds of contacts, emails, contract histories, trades, etc, etc times 3 for all the characters on the account. You're literally talking about hours of RL work for each member, especially the older ones.
I believe, the full API has become a "test" of loyalty more than a spy detector. It's a shame, really. Any spy worth his salt is going to make sure that the character being used to infiltrate your corp has no such linkages to nefarious activities. Not all spies infiltrate with intent to do conspicuous damage. The good spy never has to use his spying account to relay information or accept isk transfers or do anything that would say "I'ma spy!". So, API as a spy detector....yeah, works.....only for the spies bad at being spies.
We want breast augmentations and sluttier clothing in the NeX! |
Buruk Utama
Science and Trade Institute
Caldari State
75
|
Posted - 2012.01.10 15:02:00 -
[25] - Quote
I regularly purchase characters out of eve forums as it is a great business venture and also fun to use/learn the different play styles. Never had an issue placing the pilots in various corps when I wanted to have fun with them as I'm normally upfront about the pilot and its acquisition history. However, in my experience, the corps that want the most API are usually headed up by little mini-dictators who are paranoid as any RL dictator.
Demanding full API because of "spy" is extremely paranoid and speaks volumes about your leadership. Since the next progression will be to place new members on "probation" where you will "watch" them and what they do. Any little off-colored action will be solemnly marked down as characteristic of a spy and you may be booted without warning or directly accused. If directly accused, and you deny, you are spy; if you admit, you are spy.
Basically, once the CEO becomes paranoid that spies are out to ruin his mini-empire the game is over for him as he will spend more of his time trying to ferret out these ghost and probably erect a wall around him that prevents real meaningful relationship creation. The flip side to this, a good spy will cause the CEO to rampage down this path and will be the CEO's best friend up until the end...so was he justifiably paranoid?
If you can't trust your corp members then you are in the wrong corp. Just keep your super secret assets to yourself and if you lose a fight due to spy oh well, these are only space pixels.
Edit: The good spies will create separate personas for the character they place; complete with back story of their RL issues/education/family, etc. Most spies will get what they need upon joining from the channels, alliance website, corporate bulletins as so much information is posted there. Really dedicated spies are there to either rank up and affect leadership or steal stuff. |
Gerald Taric
F-H Schwerindustrie und Sicherheit
KRAUTZ-FEDERATION
26
|
Posted - 2012.01.10 15:15:00 -
[26] - Quote
Whenever i will be asked for an API key with certain priviledges, i will ask back, for which purposes he/she belives to need it.
If he/she is able to convince me about the common advantage, i may create an adapted, limited key for him/her.
Full API key access - and thus access to ingame mail and notifications - is definitelly not an option and will be refused by me in any case. |
March rabbit
Ganse
Shadow of xXDEATHXx
106
|
Posted - 2012.01.10 16:37:00 -
[27] - Quote
Well. Decline in giving full API to check is a good thing for me as one of recruiters. 
Using corp policy "full API is needed" i easily drop part of my job and have more time to play instead of checking, interviewing, training and supporting newcomers 
So guys. Pleeease. The more people hide their APIs the more time i can spend to the game
And on a serious note. Yes, i know that properly fitted spy won't be caught by API. This measure is just a simple locker on your door. Everyone knows that there is no unbreakable locker exists. What was built by people can always be destroyed by people.
However no one will have his door unlocked and opened just because of this principle.
So the full API, KB, forums and google checks are locker on your door. Will stop lazy unskilled and not-determined hacker. Or just person you would not have in your corp. Some possibility for random mistake from spy as bonus.
There is one more thing exist. If you know almost everyone from your corp by real Name, where he lives, who is he in RL, etc... you will not want strangers came to this group. So newcomer will have many personal questions. After all you need to trust a little to your corpmembers. And if you are "too hidden" you have significally less chances to get into this group of people. This is just like in RL. Nothing really differs. "Internet space pixels" you say? Nope. This is time spent to make something, team work, real effort, real money maybe. |
KrakizBad
Eve Defence Force
Fatal Ascension
184
|
Posted - 2012.01.10 16:46:00 -
[28] - Quote
Endeavour Starfleet wrote:They are losing the ability to have direct control over their memberbase so demanding full API is one of their attempts of establishing their version of Order. Which is of course the ole "Come to the CTA or log the **** out"
You've been beating this ridiculous drum for days now. Name and shame this alliance you claim is doing this or just get out. Not one single alliance in CFC does this.
http://dl.dropbox.com/u/39006524/DumbHiseccers.jpg |
Embrace My Hate
Black Horizon.
Test Friends Please Ignore
89
|
Posted - 2012.01.10 17:56:00 -
[29] - Quote
Naturally, People fear what they don't understand. |
Borun Tal
Cubicle Warriors from 'merica
29
|
Posted - 2012.01.10 18:14:00 -
[30] - Quote
Someone's paranoid about the API keys? Uh, ok... Does a recruiter hope to gain insight into the TOON or the person BEHIND the toon? And what does seeing two alts of three on one account do for anyone that seriously wants to do the spy thing? Are you going to demand all APIs on all accounts, knowing SURELY that the person will give them ALL up?
The API key thing for recruiting is just patently stupid. Good luck trying to justify it, cuz it won't work. |
| |
|
| Pages: [1] 2 :: one page |
| First page | Previous page | Next page | Last page |