EVE General Discussion


API keys, why the paranoia?

TheTradeMonkey
Bi-furious
#1 - 2012-01-10 09:34:38 UTC
I'm talking about a situation where a CEO asks for one in an effort to increase corp security and it seems a lot of people would rather leave a corp than hand over their API.

I could understand an unease about handing it over if it allows the CEO to see wallet transactions if you're a trader but then any corp that used that information is pretty ******.

I can understand not wanting people to read your evemails either which I think you can do with the new one (although I'm not entirely sure).

If it lets someone see your other characters, skill sheet, skill queue, who’s been sending you isk etc
It can tell a CEO what alts you have, whether you know what you’re doing when it comes to skilling if you're being funded by another character.

but beyond that, what's the big deal?

not trolling, genuinely want to know as I'm failing to see the other side of the coin.
Valei Khurelem
#2 - 2012-01-10 09:41:41 UTC
Some people just take this game too seriously.

"don't get us wrong, we don't want to screw new players, on the contrary. The core problem here is that tech 1 frigates and cruisers should be appealing enough to be viable platforms in both PvE and PvP."   - CCP Ytterbium

Abdiel Kavash
Deep Core Mining Inc.
Caldari State
#3 - 2012-01-10 10:13:17 UTC
Some people are bad spies and can't cover up their tracks.
Endeavour Starfleet
#4 - 2012-01-10 10:34:06 UTC  |  Edited by: Endeavour Starfleet
While it may expose the dumbest of spies. Full API is nothing but an invasion into the activities of the member involved. Some people communicate with friends over EVEmail. Or are considering other corps. Only a pure idiot would do spy communications via the character in the corp.

Also I suspect a growing want of the keys is to detect if members purchase alts from the Eve forum to run things like incursions with. They are losing the ability to have direct control over their memberbase so demanding full API is one of their attempts of establishing their version of Order. Which is of course the ole "Come to the CTA or log the **** out"

If my main joins a corp. Said corp gets a limited key to check for skills and basic info and that is it. I am willing to be a bit more lenient on smaller corps if I join as they don't have the resources to help isolate spies as much. But a full API is simply out of the question.

This is one of the reasons I hope CCP implements a modular corp and POS system in the future. Once demand for members is up due to the lesser security risk. This bs about full API will mostly vanish.

Edit:

Quote:
If it lets someone see your other characters, skill sheet, skill queue, who’s been sending you isk etc
It can tell a CEO what alts you have, whether you know what you’re doing when it comes to skilling if you're being funded by another character.


That is none of your business. Said alts are not joining your corp. And people may want to keep them hidden to serve as a means to make funds when in combat elsewhere.
March rabbit
Aliastra
Gallente Federation
#5 - 2012-01-10 10:46:15 UTC
Endeavour Starfleet wrote:

Quote:
If it lets someone see your other characters, skill sheet, skill queue, who’s been sending you isk etc
It can tell a CEO what alts you have, whether you know what you’re doing when it comes to skilling if you're being funded by another character.


That is none of your business. Said alts are not joining your corp. And people may want to keep them hidden to serve as a means to make funds when in combat elsewhere.

let's say: you join corp with one of your alts and second alt is in other corp. Let's say these corps are red to each other. Or they are in 0.0 and in "non-blue" alliances to each other.

Still none of CEO's business?

The Mittani: "the inappropriate drunked joke"

Thorn Galen
Bene Gesserit ChapterHouse
The Curatores Veritatis Auxiliary
#6 - 2012-01-10 10:47:19 UTC  |  Edited by: Thorn Galen
The only API details any Corp. should ever need from their members is the Limited API key. Character Sheet, Skills, Skillqueue.
Anything beyond that is an invasion of privacy and is also open to abuse.

Edit : There are other, far better ways of determining if you have spies in your Corp or not.
Going the Full API route is ludicrous.

o/
TheTradeMonkey
Bi-furious
#7 - 2012-01-10 11:07:04 UTC
Thorn Galen wrote:
Edit : There are other, far better ways of determining if you have spies in your Corp or not.
Going the Full API route is ludicrous.

o/


Care to expand on this?
I'd be interested to hear about other ways.

short of "duping" a spy into doing something stupid
Endeavour Starfleet
#8 - 2012-01-10 11:07:26 UTC
March rabbit wrote:
Endeavour Starfleet wrote:

Quote:
If it lets someone see your other characters, skill sheet, skill queue, who’s been sending you isk etc
It can tell a CEO what alts you have, whether you know what you’re doing when it comes to skilling if you're being funded by another character.


That is none of your business. Said alts are not joining your corp. And people may want to keep them hidden to serve as a means to make funds when in combat elsewhere.

let's say: you join corp with one of your alts and second alt is in other corp. Let's say these corps are red to each other. Or they are in 0.0 and in "non-blue" alliances to each other.

Still none of CEO's business?


Yes.

If said player was serious about playing both sides then it is called having 2 accounts. It is none of your business to be able to see if the player has bought an incursion alt or wants to run a small SP alt in a hisec corp.
Endeavour Starfleet
#9 - 2012-01-10 11:10:10 UTC
TheTradeMonkey wrote:
Thorn Galen wrote:
Edit : There are other, far better ways of determining if you have spies in your Corp or not.
Going the Full API route is ludicrous.

o/


Care to expand on this?
I'd be interested to hear about other ways.

short of "duping" a spy into doing something stupid


What makes you think a serious spy is going to leave something that a full API can detect? Besides any alliance worth its name knows that the moment you come up with something that you say over any communication. The enemy knows about it. Spies are everywhere.

It is not about spy control it is about member control.
Thorn Galen
Bene Gesserit ChapterHouse
The Curatores Veritatis Auxiliary
#10 - 2012-01-10 11:14:25 UTC
Endeavour Starfleet wrote:
What makes you think a serious spy is going to leave something that a full API can detect? Besides any alliance worth its name knows that the moment you come up with something that you say over any communication. The enemy knows about it. Spies are everywhere.

It is not about spy control it is about member control.


Quoted for truth. It's about member control and recruitment policy.

o/

March rabbit
Aliastra
Gallente Federation
#11 - 2012-01-10 11:15:40 UTC
Endeavour Starfleet wrote:
March rabbit wrote:
Endeavour Starfleet wrote:

Quote:
If it lets someone see your other characters, skill sheet, skill queue, who’s been sending you isk etc
It can tell a CEO what alts you have, whether you know what you’re doing when it comes to skilling if you're being funded by another character.


That is none of your business. Said alts are not joining your corp. And people may want to keep them hidden to serve as a means to make funds when in combat elsewhere.

let's say: you join corp with one of your alts and second alt is in other corp. Let's say these corps are red to each other. Or they are in 0.0 and in "non-blue" alliances to each other.

Still none of CEO's business?


If said player was serious about playing both sides then it is called SPYING

fixed for you. And no. This IS NOT outside of CEO business.

well. you have never had situations when your enemy knows every ship, fit and move of your fleet?
I have had it few times. This is real pain i would say. When you lose battle before start just because of some ****** spy in your corp/alliance. When your every command on comms is known to your opponent.

Maybe some day you will understand it.... When you start to play MULTIPLAYER Eve and not only INCURSION Online.

The Mittani: "the inappropriate drunked joke"

TheTradeMonkey
Bi-furious
#12 - 2012-01-10 11:20:47 UTC
Endeavour Starfleet wrote:

a serious spy


Is that you agreeing that it serves the purpose of filtering out terrible\lolspys ?

Obviously a serious spy would cover its tracks much better than others but there are some who would transfer isk directly to their spy alt (because it's easy) etc and if it weeds out them then it's doing a job.

It's not about invasion or privacy, it's more about making corp life safer and more fun for corp members.

I'm talking about this from a smaller (sub 50 players) empire\low sec corp rather than a 0.0 alliance level.

How would you go about weeding out spies then?
Endeavour Starfleet
#13 - 2012-01-10 11:22:22 UTC  |  Edited by: Endeavour Starfleet
Been in nullsec multiple times, dealt with spy issues, shot crap for hours and had a few good fights. It is not just about incursions for me. (Ever saw my topic about adding balance to cloaking?)

Again if they are a serious spy they will have multiple accounts.

Of course I am not saying anything should force you to accept anything less than full api. However I do think people's willingness to let you invade their in game privacy is due to the broken system of Corp and POS management. With that fixed there will be more corps that will take members for the standard skillsheet check. And those that demand full API will be less popular.

TheTradeMonkey wrote:
Endeavour Starfleet wrote:

a serious spy


Is that you agreeing that it serves the purpose of filtering out terrible\lolspys ?

Obviously a serious spy would cover its tracks much better than others but there are some who would transfer isk directly to their spy alt (because it's easy) etc and if it weeds out them then it's doing a job.

It's not about invasion or privacy, it's more about making corp life safer and more fun for corp members.

I'm talking about this from a smaller (sub 50 players) empire\low sec corp rather than a 0.0 alliance level.

How would you go about weeding out spies then?


Sounds like you have recently changed to a "demand full api" system and are shocked that members are leaving your small corp. It is called you have no incentive for them to stay and the issue of prying into their in game privacy. That is not a winning combination for a corp.

You aren't weeding out spiez. You are weeding out members saying "My character is too old for this ****"
TheTradeMonkey
Bi-furious
#14 - 2012-01-10 11:43:15 UTC
Endeavour Starfleet wrote:

Sounds like you have recently changed to a "demand full api" system


It's not even a full api request, it was for an incredibly limited api (character list\skill sheet).
I'm trying to get my head round the mind set of it all and in all honesty, I'm struggling.

The question still stands though, how do you filter for spies?

oh and bar "reading my eve mails" I've not heard much that makes me buy into this "OMFG API AAAHHHH"

Also, what corp pos thing?
Zowie Powers
Aliastra
Gallente Federation
#15 - 2012-01-10 12:04:27 UTC
You are taking the same risk they are.
Don't give them anything unless they are prepared to give you the same info on all the members.

After all, they can't claim they don't have them, otherwise, why is he singling you out for scrutiny and never them?
Stand your ground, the CEO is only exercising the small piece of power he has in his existence. It's pretty understandable. He probably thinks the 1s and 0s he stored on CCP's computers have some value. It's kinda of cute really. When you think about it. Poor guy.

ATX: The best of the rest.

Ursula LeGuinn
Perkone
Caldari State
#16 - 2012-01-10 12:14:37 UTC
TheTradeMonkey wrote:
I'm trying to get my head round the mind set of it all and in all honesty, I'm struggling.


Some people simply enjoy their privacy. I don't want anyone reading all of my mail messages. There's nothing incriminating in there that I know of, but I have years' worth of messages saved and I don't want people prying. I don't want them seeing my assets, my finances, my contacts, everything.

Speaking of contacts, what if I have personal friends from 2007 (I actually do) who are now in various nullsec alliances (many actually are), some of which might be red to the corp/alliance I'm trying to join? Do I need to make sure they're red or delete them?

If I wanted to join a corp/alliance and they demanded a full API, I'd probably give it to them, since I know I have nothing to hide. It's just bothersome that CCP has devised and implemented a system that allows player leaders to demand and expect full access to every aspect of someone's character.

"The EVE forums are intended to provide a warm, friendly atmosphere for the EVE community." — EVElopedia

MatrixSkye Mk2
Republic University
Minmatar Republic
#17 - 2012-01-10 12:23:03 UTC  |  Edited by: MatrixSkye Mk2
Zowie Powers wrote:
You are taking the same risk they are.
Don't give them anything unless they are prepared to give you the same info on all the members.

After all, they can't claim they don't have them, otherwise, why is he singling you out for scrutiny and never them?
Stand your ground, the CEO is only exercising the small piece of power he has in his existence. It's pretty understandable. He probably thinks the 1s and 0s he stored on CCP's computers have some value. It's kinda of cute really. When you think about it. Poor guy.

If they have no value then why is the CEO so interested in obtaining these "1's and 0's"?

I've found that those spouting "1's and 0's" have no value are usually the folks that value them the most. Go figure.

Successfully doinitwrong™ since 2006.

Florestan Bronstein
Ministry of War
Amarr Empire
#18 - 2012-01-10 12:24:45 UTC  |  Edited by: Florestan Bronstein
TheTradeMonkey wrote:

The question still stands though, how do you filter for spies?

aside from API:

forum search - special attention to character bazaar and Timecode Bazaar.
checking employment history - maybe there are some alt corps in there? evewho is great for this sort of thing
checking contracts history - not complete but it might give you some pointers
checking killboards - who did he fly with? who did he kill?

If you have your own spies inside entities that you suspect to spy on you you can also do interesting stuff like

* watermarking important forum posts/announcements to trace leaks (look for the PL forum mirror it has some nice info on this: idea is that you display different versions of the same post to each viewer, e.g. by automatically replacing some characters with equally looking but different unicode characters based on the viewer's forum userid; or by offering different combinations of synonyms - e.g. four words with one possible synonym for each gives you 16 different versions of the forum post which already cuts down the number of people you suspect of having leaked the post considerably)

* harvesting IPs, e.g. post a link to some funny image hosted on a server you have access to on your enemies' forum, log IPs & timestamps which access that image, try to connect them to characters that replied to your post, compare to your own people's IPs that you harvested through your TeamSpeak server.
(or have your spy post a link to your file during some roam, that way you know pretty well who has clicked it, try to correlate IPs with characters by e.g. using the country information displayed by TeamSpeak; If there is only one German in the roam the German IP is probably him).
Also use voicecomms logs to look for people who listen in on ops but don't participate (or people who only log in for pvp ops). Check IPs that access your own forums or voicecomms for obvious proxies/VPN providers.

* make note of idiosyncratic misspellings or grammar fails

* keep a close eye on people who are too eager to x up or never x up when you call for all spais to 'x' up in fleet chat.
j/k

* ...

In general kicking a spy will only result in him being replaced by another one that is harder to detect.
My advice would be that unless you suspect one of your FCs or directors/CEOs to spy on you, don't bother too much about it.
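
The synonym-watermarking idea from post #18 above, worked through as an added example that is not part of the original post or of any tool it mentions. It covers only the synonym variant (not the Unicode look-alike one); the announcement text, synonym pairs, userids and the keyed derivation of the per-viewer bits are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed announcement; each slot has two interchangeable wordings (one bit each).
TEMPLATE = "Our {0} op starts {1}. Bring {2} ships and {3} on comms."
SLOTS = [("main", "primary"), ("tonight", "this evening"),
         ("cheap", "inexpensive"), ("stay quiet", "keep silent")]
KEY = b"constructed-demo-key"  # assumption: a secret known only to the forum admin


def fingerprint(user_id: int) -> list[int]:
    """Derive one bit per slot from the viewer's forum userid (keyed, so not guessable)."""
    digest = hmac.new(KEY, str(user_id).encode(), hashlib.sha256).digest()
    return [(digest[0] >> i) & 1 for i in range(len(SLOTS))]


def render(user_id: int) -> str:
    """Return the version of the announcement shown to this viewer."""
    bits = fingerprint(user_id)
    return TEMPLATE.format(*(SLOTS[i][b] for i, b in enumerate(bits)))


def extract(leaked: str) -> list:
    """Recover each slot's bit from a leaked copy; None where the wording was altered."""
    text = leaked.lower()
    bits = []
    for first, second in SLOTS:
        has_first, has_second = first in text, second in text
        bits.append(None if has_first == has_second else int(has_second))
    return bits


def suspects(leaked: str, viewers: list[int]) -> list[int]:
    """Viewers whose version agrees with the leak on every slot that survived."""
    seen = extract(leaked)
    return [u for u in viewers
            if all(s is None or s == b for s, b in zip(seen, fingerprint(u)))]


if __name__ == "__main__":
    viewers = list(range(100, 140))            # constructed userids
    leak = render(117)                         # verbatim copy-paste leak
    print(leak, suspects(leak, viewers))
    # Leaker paraphrased the first slot: that bit is lost, the suspect list widens.
    partial = leak.replace(SLOTS[0][fingerprint(117)[0]], "big")
    print(suspects(partial, viewers))
```

With four slots there are only 16 versions, so the result is a shortlist of viewers who share the leaker's version rather than a single name, and every paraphrased slot widens that shortlist.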
Skydell
Bad Girl Posse
#19 - 2012-01-10 12:29:17 UTC  |  Edited by: Skydell
Thorn Galen wrote:
The only API details any Corp. should ever need from their members is the Limited API key. Character Sheet, Skills, Skillqueue.
Anything beyond that is an invasion of privacy and is also open to abuse.

Edit : There are other, far better ways of determining if you have spies in your Corp or not.
Going the Full API route is ludicrous.

o/


This is the only one I have ever been asked about.
I give corps and alliances my API simply because A: I can change it if I leave the corp and B: If I'm a serious spy the infiltration will happen with a new account. API request is a feeble attempt to confront the gaping holes put in the game with meta gaming. It really doesn't do anything to prevent it. You know the saying, Locks are for honest people? Same is true of spies, if they want in they will find a way.

Add On: In order for me to explain to people how to circumvent spy tactics, I'd need to write a tutorial. I can't do it in a GC reply. Sorry.
Mara Rinn
Cosmic Goo Convertor
#20 - 2012-01-10 12:35:41 UTC
TheTradeMonkey wrote:
How would you go about weeding out spies then?


Full API keys make it easier to infiltrate corporations. They get Full API key, suddenly they feel more confident that you're not a spy, even though you are. They can go through assets and wallet journals with a fine toothed comb, search for nonexistent killmails, search for nonexistent forum posts, perform forensic accounting until the cows come home. The fact that your pirate alt is on a different account never shows up on the API search.

Full API key auditing is security theatre. It will only ever weed out the truly incompetent spies.

Of course, having finer grained control over who is allowed to do what with which corporate asset would make life much easier for everyone. At this POS, you can submit private research jobs which will get delivered back to your own hangar! At that POS you have no access to anything. At the other POS you can submit manufacturing jobs, and none of the POSes let you see what other people are researching/inventing/manufacturing.

And you certainly can't touch the Ragnarok BPO that the CEO is doing ME research on.