EVE Information Portal

Why does everybody always go to the "if you have nothing to hide..." argument. I use my computer for more things than EVE and I take an NDA a lot more seriously than Darius III does. Let's say that CCP's data collection does actively collect a list of running applications (and I want to state that I have no objections to this, in fact it can be useful debugging if you want out that 80% of your crashes have occurred with a particular AV running or driver applet, etc) and I am running an application along side EVE that I am beta testing under NDA (be it game relation or otherwise) and EVE crashes, snapshots this list and sends it to CCP. I may now have violated an NDA as it relates to not revealing to anybody that I am in the beta, or that a beta even exists.

Had I had the chance to review crash logs ahead of time I would have seen that this application appears in the list and would have not sent the debug information to CCP, not because I don't want to, but because I would be breaking a contract with another entity. If the crash happened and I was not running this particular beta application I would have no issues sending a list of my other running applications to CCP. This has happened with other crash reporting software, things crash while I may be doing something under NDA or protected by other regulations or certifications (HIPAA, SOX, PCI, SAS70 take your pick, I deal with systems covered under some or all of these things) and I have to refuse to send a crash report.

I'm not worried about playing EVE and CCP transmitting the contents of my hard drive to them because I am not attributing malice to CCP's actions. We have an agreement (partially implied, partially explicitly laid out in the EULA) that CCP will send data back and forth between their servers and I'm reasonably certain that it's just data related to playing EVE Online. The addition of the crash reporting system is a very good step forward and my objections to it (which are past tense, CCP has responded that they are making it optional) were not based on my assumption that CCP was doing anything untoward, but by a need to protect myself from leaking data that I shouldn't, that under normal circumstances I would be perfectly fine with sending in a normal crash report.

So yes, I do have things to hide, but they aren't related to EVE online, and what I'm hiding is, quite frankly, should be of no concern to you, CCP or any other entity that does crash reporting.

Dude seriously if you are dealing with software under such severe NDA restrictions what on earth are you doing installing MMO games on the same hardware ? Not downplaying your argument here because it is valid, but if the business you're in is so sensitive against this kind of violations then you should be looking for hyper-secure dedicated hardware to put the NDA stuff on - not your gaming rig wth :-)

Because these NDA restrictions are standard for developers. I'm under NDA for SteamWorks and I have it on my PC, so, I shouldn't play EVE just because I have a library and some tools associated with it?
You're not supposed to do it on hyper-secure dedicated hardware anyways. You have to ensure (at least in my example) that reasonable precautions against data theft are met. A dedicated rig is way overkill most of the time.

Because the NDAs are fairly standard and there is no need to separate them onto different machines because I am aware of what applications report what and so long as applications are upfront with what they are doing and allow opt-in/out then there is no issue. I honestly would have no issues with EVE doing mandatory crash reporting so long as they were upfront with that happening and what data was being collected and more importantly, had a history of open communication on changes. It's the last one that concerns me for which is why I like the compromise of opt-in with the ability to review the data. Once CCP builds back up a level of trust, I'll be more willing to accept what they state at face value.

I'm also the kind of person that browses the web with plugins designed to turn everything off (no cookies, noScript, etc) and grant access as I trust sites, rather than just blindly jumping onto websites with a browser fully open and loading everything, getting hit by 0-day Flash and PDF exploits and ending up with more trojans and tracking than I can shake a stick at. Partially to protect myself, partially because I believe that I should be asked if a website can open up 15 flash programs, rather than forcing it open me.

In the mean time, stop running these super-double-secret beta programs that you're bragging about on an online forum at the same time as you're running EVE. EVE is a pretty busy game, and unless these other programs are batch processing programs that need to sit and calculate for a while, there's no reason they need to remain open while you're playing EVE. I agree that a send/don't send button would be nice, but in the end the NDA is your responsibility not CCPs and I wouldn't be running ANYTHING at the same time as a program whose publicized existence could make me liable.

First, I believe you need to look up the definition of "bragging". I was not bragging, I was merely stating an example. Also, I'm not sure what game you're playing, but EVE is generally not a 'busy' game. Except during instances of combat, a lot of EVE can be played with it in a window with only one eye paying attention to things happening while you actually do useful things in another window.

Also, I am aware that it's my responsibility, which is why I was asking for the ability to opt into the data collection with the ability to review the data being sent so that I can verify what CCP is collecting and make the determination on if the data can be sent. The alternatives are to not load EVE while doing other things (which may be a blessing in some respects) or take actions to block their crash reporting system (which wouldn't be of benefit to anybody as they would then never receive a crash report as I would just set it and forget it).

I honestly don't get why people are still on about this. CCP said "Hey, awesome crash collection stuff coming up!" to which the question was asked "Is it optional?" CCP quite reasonably said "Oops, not now but we'll make it so!" and everything was fine. I would have preferred it be optional on launch but, again, a Dev gave a reasonable alternative if there were any reservations about the system until they could add the opt in, and again, everything was fine.

Then people came out of the woodwork with "if you have nothing to hide..." crap which is why some of us were giving examples of why we would indeed care. Regardless of how relevant you think they are, I do appreciate that CCP has addressed the concerns.

This is even better news.

/Redundancy

I'm told the crash dumps are also saved to the cache folder so you're welcome to take a look at them as you like. While I can't promise anything I'm sure we can look into the feasibility of allowing you to view a dump prior to submission as part of the opting in/out process, but that might be farther down the line if at all.

Whoops, sorry Solo. I had taken it to mean that it operated the same way, and I thought that perhaps you had cross-posted with him and not seen it.

Didn't mean it to sound snarky, if it did.

Actually, no, that's not what has us 'all jittery'. I'm fine with CCP getting a list of all my running applications (as I have said before), injected into EVE or not, so long as they are up-front about it (hell, Sreegs is welcome to show up at my place unannounced, crash on my couch and go through my computer himself looking for bots) so I can make the decision as to what applications to run at the same time as EVE. I also want the chance to review what they are sending as they currently have some ground to cover to regain my full trust in their statements.

It's all about informed consent balancing against the need for privacy.