These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

A question regarding the privacy of EVE-mail.

First post
Author
Candi LeMew
Division 13
#101 - 2015-02-16 00:53:17 UTC
A nice post. Can only think of a couple things to reply to personally.

Marsha Mallow wrote:
I'm not keen on groups who demand continuous API access, so I don't play with those neckbeards. You don't have to either.

In my experience so far it's been every large corp I've joined or wanted to join. Unless a special exception or vouch is made.

Quote:
They might ask for a limited one later on to access certain services - some of which is set up for your protection to keep unknowns from joining comms, which you're arguably entitled to demand to protect your privacy.

Yeah, our corp does this too, for both comms and forum. Though it's a very, very limited character API needed to achieve this and essentially is harmless.

Quote:
Even if you protest loudly enough to enact some sort of review of this, CCP still would not be able to guarantee your privacy if you use the client to transmit personal info.

Of course, but at least they can then say they've done everything they can to help their users achieve this. Unlike right now where they've left quite a gaping hole.

Though judging by CCP Falcon's post user "privacy" isn't a concept recognized by CCP.

🍌

Remember... in Anoikis Bob Is Always Watching...

"I been kicked out of better homes than this" - Rick James

Alruan Shadowborn
Unleashed' Fury
The Initiative.
#102 - 2015-02-16 01:19:13 UTC  |  Edited by: Alruan Shadowborn
Serene Repose wrote:
Godfrey Silvarna wrote:
Pok Nibin wrote:
even though they live in a state that protects their right to privacy in their letters and other communication, which includes criminal penalties if violated (fines and prison time), that they can come here and create a system that not only entirely disregards my right to this, does this while I'm paying them money, and then blames me should anything untoward occur.

I am fairly certain that the law in Iceland does not protect you or CCP from the risk that anyone you or CCP sends mail to, electronic or physical, might publish your mutual communications.
Misconstrue...lead, or just miss the point much?

If YOU go into my Icelandic mailbox, and retrieve a letter sent to me by Pok, I'll bet the Icelandic authorities wouldn't just continue munching donuts given that tidbit of information. Should YOU put a listening device on MY phone, a dime'll get you a dollar if the Icelandic FUZZ don't show you a new set of bracelets.

I love it when people are profoundly ignorant, don't you? Oh, wait. Your post was supposed to be a slam dunk! Sowwy P


The same could be said for you.

If YOU go into my Icelandic mailbox, and retrieve a letter sent to me by Pok, with a key that you gave me authorities will point and laugh and go back to their donuts

and you call others "profoundly ignorant"
Candi LeMew
Division 13
#103 - 2015-02-16 01:30:02 UTC
Kaarous Aldurald wrote:
Thorn en Distel wrote:
I think it's a bit of a legal mess. European privacy law is pretty strict, especially where the privacy of minors is concerned, and I think this might actually be in violation or at the least close to being so. I think a more explicit warning about what exactly you're letting yourself into when you activate that option and give out your API is definitely in order.


It has one already. That's what boggles me the most. How is this even being discussed at all?

I think this is an awesome discussion. Big smile

I try to avoid these kinds of discussions/debates like the plague these days but there's some really good stuff being raised here by a lot of people imo. I think I said earlier in the thread that while I don't like mail API I deal with it. But as this discussion has evolved I've begun to think "You know what, why is mail API even a thing?".

The only responses to that I've seen have been 1) you can make a mobile phone app from it (lol) and 2) It's for corp security.

Well we all know in reality that API won't hinder a corp spy at all. It's easy to step around for all but the most incompetent.

So.... why does it exist? What positive purpose does it truly serve?

🍌

Remember... in Anoikis Bob Is Always Watching...

"I been kicked out of better homes than this" - Rick James

Jeaile
Brutor Tribe
Minmatar Republic
#104 - 2015-02-16 01:37:46 UTC
So in a nutshell:

1. Users are lazy and don't read the contract which they agree to in order to play
2. It is too difficult to write, "please delete this when you have read" or alternatively you don't trust the person you trust enough to send your personal information to, that they will delete it if asked
3. Thinking of the myriad of other communication methods at your disposal, the best you could come up with was the one method by which your messages can be tracked, read etc if all parties to it do not delete it.
4. One person states that because of someone's carelessness, their information could get out. Do not share information with people you cannot trust not to be careless.

None of the above is CCP's fault, it is peoples.

They are either too lazy, too careless, or too untrustworthy for you to share your personal details with. If you trust them enough to use your personal info, and you are sensible no-one ever needs find it. Start a conversation in game, that is not logged on any API.

As for the assertions that no-one uses evemail for spying, bullsh!t there are some very stupid attempts at spying in Eve.

OP take your supporters in this thread, clearly they are all too lazy or too stupid to do something in a sensible fashion because :effort: so they would likely use evemail for spying because it's easier.
Jimmy Farrere
University of Caille
Gallente Federation
#105 - 2015-02-16 07:44:16 UTC
Jeaile wrote:
So in a nutshell:

1. Users are lazy and don't read the contract which they agree to in order to play
2. It is too difficult to write, "please delete this when you have read" or alternatively you don't trust the person you trust enough to send your personal information to, that they will delete it if asked
3. Thinking of the myriad of other communication methods at your disposal, the best you could come up with was the one method by which your messages can be tracked, read etc if all parties to it do not delete it.
4. One person states that because of someone's carelessness, their information could get out. Do not share information with people you cannot trust not to be careless.

None of the above is CCP's fault, it is peoples.

They are either too lazy, too careless, or too untrustworthy for you to share your personal details with. If you trust them enough to use your personal info, and you are sensible no-one ever needs find it. Start a conversation in game, that is not logged on any API.

As for the assertions that no-one uses evemail for spying, bullsh!t there are some very stupid attempts at spying in Eve.

OP take your supporters in this thread, clearly they are all too lazy or too stupid to do something in a sensible fashion because :effort: so they would likely use evemail for spying because it's easier.


So to answer your points (in a nutshell)

1. Dur, who plays a game without reading a massive legal document and then reading between the lines to interpret exactly how these systems they don't yet understand could affect them.
2. It is the players fault for not realizing exactly how non-private Eve-mails can be, despite never being warned and on the surface of it, Eve-mails appearing like a private messaging system.
3. Don't use Eve-mail, ever.
4. Again, it's the players fault for not knowing how insecure Eve's mail system is, despite never being warned.

Other points included, a. Don't use Eve-mail, EVER! and b. We need Eve-mail API's so that we can easily track lazy spies by looking through all their correspondence in the mail system that any spy is going to know not to use, we're totally not just nosing through peoples personal business.
Indahmawar Fazmarai
#106 - 2015-02-16 07:46:03 UTC
Jeaile wrote:
So in a nutshell:

1. Users are lazy and don't read the contract which they agree to in order to play


Don't forget to read the evepedia article on API, as the part with "yoru mails will be accessed through the adressee's API" isn't in the EULA.

Quote:
2. It is too difficult to write, "please delete this when you have read" or alternatively you don't trust the person you trust enough to send your personal information to, that they will delete it if asked
3. Thinking of the myriad of other communication methods at your disposal, the best you could come up with was the one method by which your messages can be tracked, read etc if all parties to it do not delete it.
4. One person states that because of someone's carelessness, their information could get out. Do not share information with people you cannot trust not to be careless.

None of the above is CCP's fault, it is peoples.

They are either too lazy, too careless, or too untrustworthy for you to share your personal details with. If you trust them enough to use your personal info, and you are sensible no-one ever needs find it. Start a conversation in game, that is not logged on any API.

As for the assertions that no-one uses evemail for spying, bullsh!t there are some very stupid attempts at spying in Eve.

OP take your supporters in this thread, clearly they are all too lazy or too stupid to do something in a sensible fashion because :effort: so they would likely use evemail for spying because it's easier.


That's very smart but please come back to the OP: in 6 years, I did not need to learn of mails and full APIs, and so I didn't learn of it until I accidentally stumbled on that precious little info... 6 years and a few hundred evemails too late.

I bet you don't know may things I know about EVE, because they are not tools of your trade. Full API is not a tool of my trade and I never learned the implciations of it as iIdidn't needed to...

...and learning them on your own means reading no less than 3 different papers, or asking-the-guy-who-knows.
Sir Substance
Sebiestor Tribe
Minmatar Republic
#107 - 2015-02-16 08:54:37 UTC
Indahmawar Fazmarai wrote:

That's very smart but please come back to the OP: in 6 years, I did not need to learn of mails and full APIs, and so I didn't learn of it until I accidentally stumbled on that precious little info... 6 years and a few hundred evemails too late.


There are two lessons to be learned from this:

If you are not a UI designer:
Pretend that communication sent over the internet is going to end up publically on your facebook page, unless you've encrypted it.

If you are a UI designer:
Things which have the potential to do damage should always have attention explicitly drawn to them. Blaming the user is not acceptable design practice.

The beatings will continue until posting improves. -Magnus Cortex

Official Eve Online changelist: Togglable PvP. - Jordanna Bauer

Serene Repose
#108 - 2015-02-16 09:02:06 UTC
Marsha Mallow wrote:
Mr Epeen wrote:
Here's something to think about.

I sell characters. To transfer a character I need the persons acct name. If I were lazy or clueless and didn't bother deleting all transaction mails, like most that sell characters, and join a corp, they've now got 10 or 15 character names and their associated acct names.

ISD is very quick to delete acct names when some doofus posts one in a CB thread, but apparently CCP is fine with spreading them across New Eden via API grabs.

Don't mail info you don't want people to know, Falcon? How the hell does that work with character transfers where it's a rule to do exactly that? And then rely on the person you gave the info to to have the common sense to delete it.

Mr Epeen Cool

In character trades you request the ISK to the character being sold, so it makes sense to request the account name to be mailed to that character also to provide a clear trail for GMs in case of a dispute later on. In which case the mail is transfered along with the character, and after that point it's for the new owner to ensure their mailbox is clear before sending their full API to anyone. If you're trading characters and requesting the account name is sent to a different alt to the one being sold, or you are forwarding them on for record keeping, one would hope you have the sense not to generate an API for that alt which can be trawled. The character trading system could certainly be improved, and people should be careful about their account name, but the link you're trying to make between API keys and account name security is flimsy at best.

Recruiters who have to do background checks are usually looking for specific flags and skimming multiple accounts, not snapping fingers at 40 blackops employees to sift through your bin and launch a satellite over your house. I'm not keen on groups who demand continuous API access, so I don't play with those neckbeards. You don't have to either. In reality, you should be more concerned about IP monitoring and yakking on across various platforms where you inadvertantly divulge personal info and create a trail which can be used to generate a database of intel. Most corps who ask for a full API key will ask for it once, at the point of recruitment (which you can set to expire). They might ask for a limited one later on to access certain services - some of which is set up for your protection to keep unknowns from joining comms, which you're arguably entitled to demand to protect your privacy.

Personal responsibility or nanny state CCP? I can see why people have an issue with privacy to a degree on this (when I put pants on head and try to think seriously), although it makes me wonder exactly what you think is safely transmittable electronically in the first place? If CCP cull parts of the API to protect players who are breaching their own privacy, we all lose the ability to monitor our characters using 3rd party tools. You can't stop corps and alliances from demanding access to your API without a major policy change (which I'd be in favour of in spirit, but would be diabolically difficult to implement). Even if you protest loudly enough to enact some sort of review of this, CCP still would not be able to guarantee your privacy if you use the client to transmit personal info.
You sort of let your tirade get you off the point, assuming you were on it in the first place. Nobody's asking CCP to guarantee anything except that they don't present us with a leaky bucket. Now we know we have a leaky bucket, do we use it, or no? You want to use it? Use it. Who says no? The "intelligent" thing to do is NOT use it. So, if that's the case, what good is it? Can it be done better? SHOULD IT? These are legitimate questions even for just intellectual pursuit of a digital phenomena. SO, then...is your issue that it's being discussed at all? Think about it.

We must accommodate the idiocracy.

Vyl Vit
#109 - 2015-02-16 09:09:39 UTC  |  Edited by: Vyl Vit
This gets funnier and funnier with the spy crap. "Catch the lazy spy." You'd have to be an oaf to be reamed by a lazy spy. You'd deserve it, and the rest of the player base shouldn't have to endure faulty processes just 'cause the lazy CEO is an oaf and needs a crutch. It's a ridiculous argument, and I suggest any spy looking for a target use this thread to find people making this argument. API is anti-spy? There's your meat. Bon appetite.

The real spy cannot be caught with the API. In fact, the real spy will feed the API in such a way as to create a footprint the so called intel-folks will not only fall for, but will be inclined to promote within the ranks and bestow with privileges and the keys to the kingdom. Anybody who doesn't understand this is really playing out of their depth, and the auto-feel good seeming security blanket this API seems to offer is just the thing to refer you to the paragraph above.

That being said, and not as opinion but fact, there is no real reason to defend this other than to say,
laziness should over rule logic. That's so 21st Century, too. We must be in vogue, no?

"Ignorance is bliss," my momma always told me.

Paradise is like where you are right now, only much, much better.

Liafcipe9000
Critically Preposterous
#110 - 2015-02-16 09:21:10 UTC
Elenahina wrote:
Indahmawar Fazmarai wrote:


Go back to reading comprehension 101. I've never needed a full API, so when should I have learned that OTHERS giving THEIR full APIs would compromise MY evemails to them?


What part of "A full API gives access to ALL evemails in a person's mailbox" is confusing you? You obviously understand the concept of a full API or you wouldn't be worried about it. Is the inbox part of the mailbox? Why yes, yes it is. As is the sent items box.

The logic here is not herculean - as a picture, it pretty much paints itself.

For the record, it also gives access to evemails they have sent to the trash bin,. assuming it hasn't been emptied.

and you, as well as the other idiots verbally aggressing the OP, fail to understand that they were simply asking a question and that there is no complaint whatsoever.
Samsara Toldya
Academy of Contradictory Behaviour
#111 - 2015-02-16 09:27:56 UTC
CCP Falcon wrote:
Regardless of what you're doing in EVE, you should never EVEmail anything, to any player that you'd consider private or personal, because there's nothing to stop the other player forwarding it on to someone else or sharing it publicly via copypasta, or the API system.


As things are getting interesting:

I do have several evemails from and to CCPs / GMs in my inbox.
I am not allowed to share them (forbidden by EULA)
I am allowed to share my full API.
I can not control wether or not those with access to my API will publish those mails on platforms like reddit/pastebin using an anonymous account.

So... if I want internal correspondence with CCP/GM to be published I simply give away my full API and won't risk a ban as I didn't break any rules.

Simple as that?
Serene Repose
#112 - 2015-02-16 09:42:38 UTC
Simple as that. Shocked

We must accommodate the idiocracy.

Falken Falcon
#113 - 2015-02-16 09:50:56 UTC
Indahmawar Fazmarai wrote:
Don't forget to read the evepedia article on API, as the part with "yoru mails will be accessed through the adressee's API" isn't in the EULA.

You need to realize that when you send mail, that mail is no longer only yours, it is now commonly your and the recievers mail.

Aye, Sea Turtles

Candi LeMew
Division 13
#114 - 2015-02-16 09:55:27 UTC
Candi LeMew wrote:
So.... why does it exist? What positive purpose does it truly serve?

Still waiting...

*yawns*

🍌

Remember... in Anoikis Bob Is Always Watching...

"I been kicked out of better homes than this" - Rick James

xxxTRUSTxxx
Galactic Rangers
Already Replaced.
#115 - 2015-02-16 10:13:30 UTC
Vyl Vit wrote:
This gets funnier and funnier with the spy crap. "Catch the lazy spy." You'd have to be an oaf to be reamed by a lazy spy. You'd deserve it, and the rest of the player base shouldn't have to endure faulty processes just 'cause the lazy CEO is an oaf and needs a crutch. It's a ridiculous argument, and I suggest any spy looking for a target use this thread to find people making this argument. API is anti-spy? There's your meat. Bon appetite.

The real spy cannot be caught with the API. In fact, the real spy will feed the API in such a way as to create a footprint the so called intel-folks will not only fall for, but will be inclined to promote within the ranks and bestow with privileges and the keys to the kingdom. Anybody who doesn't understand this is really playing out of their depth, and the auto-feel good seeming security blanket this API seems to offer is just the thing to refer you to the paragraph above.

That being said, and not as opinion but fact, there is no real reason to defend this other than to say,
laziness should over rule logic. That's so 21st Century, too. We must be in vogue, no?

"Ignorance is bliss," my momma always told me.


well said.
Aralyn Cormallen
Deep Core Mining Inc.
Caldari State
#116 - 2015-02-16 10:19:20 UTC  |  Edited by: Aralyn Cormallen
I always attribute this to a generation-thing; for all their tech-savvy, modern youngsters seem blithely oblivious to how easily things they post on the internet can get around. I for one have never assumed anything I've texted, emailed, facebooked, tweeted, put in the post, said on the phone, or written on a post-it stuck to the side of my monitor has only been read by the person I intended it for. I assume the nosey guy at work has took a browse through all the documents on my PC, and my browser history on my day off work (Hi if you're reading this Phil!), that my neighbour has took a look at that letter incorrectly stuck through the wrong letterbox, and that my, yours, and everyone elses government has read my emails discussing next weekends RP session that is filled with terms that could be hilariously misconstrued.

It's like when governments are coming up with hilariously unsupportable laws about people sharing naked pictures of exes, and the afformentioned exes being shocked that if they send a naked picture to someone, it might get seen by someone who isn't the recipient. Well, duh. Human beings are humans. We are stupid, forgetful, inquisitive, nosey, prideful, jealous, possessed of inappropriate senses of humour, and occasionally spiteful and vindictive. Never attribute to malice what could be explained through stupidity. This **** is going to happen. It may not be what you intended, but you kinda have to take it with the territory; you don't want a photo of your parts posted on the internet, don't take the damn photo in the first place.
Thorn en Distel
Federal Navy Academy
Gallente Federation
#117 - 2015-02-16 10:54:49 UTC
Aralyn Cormallen wrote:
I always attribute this to a generation-thing; for all their tech-savvy, modern youngsters seem blithely oblivious to how easily things they post on the internet can get around. I for one have never assumed anything I've texted, emailed, facebooked, tweeted, put in the post, said on the phone, or written on a post-it stuck to the side of my monitor has only been read by the person I intended it for. I assume the nosey guy at work has took a browse through all the documents on my PC, and my browser history on my day off work (Hi if you're reading this Phil!), that my neighbour has took a look at that letter incorrectly stuck through the wrong letterbox, and that my, yours, and everyone elses government has read my emails discussing next weekends RP session that is filled with terms that could be hilariously misconstrued.

It's like when governments are coming up with hilariously unsupportable laws about people sharing naked pictures of exes, and the afformentioned exes being shocked that if they send a naked picture to someone, it might get seen by someone who isn't the recipient. Well, duh. Human beings are humans. We are stupid, forgetful, inquisitive, nosey, possessed of inappropriate senses of humour, and occasionally spiteful and vindictive. Never attribute to malice what could be explained through stupidity. This **** is going to happen. It may not be what you intended, but you kinda have to take it with the territory; you don't want a photo of your parts posted on the internet, don't take the damn photo in the first place.


Unfortunately, it seems to cross generations. My generation grew up under the shadow of 1984, with the radiation of Chernobyl crossing the continent, and multiple someone-almost-hit-the-red-button events. You'd expect some paranoia, yet I see people my age too in the news doing the most insanely stupid things, like accidentally sending private messages with e.g. XXX rated content to everyone in their contacts. And don't get me started on social media. It is really disturbing to me that people reveal so very much about themselves so easily, without apparently using even one braincell.

Thorn en Distel
Federal Navy Academy
Gallente Federation
#118 - 2015-02-16 10:57:38 UTC
Indahmawar Fazmarai wrote:
Thorn en Distel wrote:
I think it's a bit of a legal mess. European privacy law is pretty strict, especially where the privacy of minors is concerned, and I think this might actually be in violation or at the least close to being so. I think a more explicit warning about what exactly you're letting yourself into when you activate that option and give out your API is definitely in order.


Oh, CCP haves that very well covered, as the EULA forbids to share personal data through CCP's services.


Then they should enforce this and ban every corp that demands API keys from their recruits /shrug.
Thorn en Distel
Federal Navy Academy
Gallente Federation
#119 - 2015-02-16 10:59:37 UTC
Kaarous Aldurald wrote:
Thorn en Distel wrote:
I think it's a bit of a legal mess. European privacy law is pretty strict, especially where the privacy of minors is concerned, and I think this might actually be in violation or at the least close to being so. I think a more explicit warning about what exactly you're letting yourself into when you activate that option and give out your API is definitely in order.


It has one already. That's what boggles me the most. How is this even being discussed at all?


Thing is, I don't really remember seeing it there explicitly on the page, and I've made API keys for multiple accounts. Maybe it's a bit too easy to skim over.
Kiandoshia
Likely Suspects
RAZOR Alliance
#120 - 2015-02-16 11:22:01 UTC
Indahmawar Fazmarai wrote:


That's interesting, as nobody CCP warned me that full APIs would compromise my privacy


*pulls space handbreak*

Putting stuff on the internet compromises your privacy. Putting stuff in a fake mailbox in a video game... yeah you get the idea.
CCP can read your mail =p

If you are worried about your privacy, you should also stop using bank accounts.