These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Issues, Workarounds & Localization

 
  • Topic is locked indefinitely.
 

Why does the eve client broadcast my username in plaintext?

First post
Author
Florestan Bronstein
Ministry of War
Amarr Empire
#1 - 2011-10-30 09:38:58 UTC  |  Edited by: Florestan Bronstein
When requesting the login screen ads and MOTD, the EVE client includes my username along with some software/hardware information in the query.

Example:

http://www.eveonline.com/motd.asp?server=87.237.38.200&platform_extra=1&client_bitcount=32&protocol=2&platform_type=workstation&platform_bitcount=64&n=306979&intended_platform=win&edition=premium&s=Tranquility&actual_platform=win&u=myeveusername&card_name=ATI+Radeon+HD+4800+Series+++++++++&affiliate_id=&platform_version=6.1&client_fullversion=7.11.306979

Of course the username is a rather weak secret as we have to share it with single persons when buying a character but we generally like to keep it secret anyways (e.g. the old API system did not use username and instead an account id).

In fact the old API page states explicitly:

Quote:
Do not give out your account username or password to any person, program, or web site. Please keep in mind that doing so is a violation of the EULA and can lead to account termination.

and then the EVE client broadcasts my username in plaintext to everyone who wants to listen?

That seems kinda weird and unnecessary.
Tonto Auri
Vhero' Multipurpose Corp
#2 - 2011-10-30 13:50:30 UTC
Your thread is off-opic here.

Two most common elements in the universe are hydrogen and stupidity. -- Harlan Ellison

Blue Binary
Polychoron
#3 - 2011-10-30 14:34:31 UTC  |  Edited by: Blue Binary
It would probably be better for CCP to use the account ID for the query rather than a named username and use a secure connection. Do you have evidence the client can broadcast this information to other sites?

If malware or a keylogger was intercepting it you would have bigger problems anyway, as they would be capturing your passwords.
Florestan Bronstein
Ministry of War
Amarr Empire
#4 - 2011-10-31 20:59:38 UTC  |  Edited by: Florestan Bronstein
Blue Binary wrote:
Do you have evidence the client can broadcast this information to other sites?

I don't think it does.

Blue Binary wrote:
If malware or a keylogger was intercepting it you would have bigger problems anyway, as they would be capturing your passwords.

some people might want to use eve on open wifi networks
Dragonaire
Here there be Dragons
#5 - 2011-11-01 06:18:23 UTC
Quote:
some people might want to use eve on open wifi networks
If they are doing that then that little bit of info is the least of their problems since as far as I know Eve doesn't use https anyway for connection but I could be wrong.

Finds camping stations from the inside much easier. Designer of Yapeal for the Eve API. Check out the Yapeal PHP API Library thread.

CCP Spitfire
C C P
C C P Alliance
#6 - 2011-11-01 08:01:11 UTC
Moved from "EVE Technology Lab".

CCP Spitfire | Marketing & Sales Team @ccp_spitfire