These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

@CCP - breach of national laws

First post
Author
Previous Topic Next Topic
MadMuppet
Critical Mass Inc
#281 - 2012-07-11 03:18:02 UTC  |  Edited by: MadMuppet
http://enigmaco.de/enigma/enigma.swf

If it is important, it should be encoded and only those you trust should have the wire positions, wheel numbers and order, and three letter start codes. They should change daily or at least weekly. For special direct communications a dedicated few should have a second code book. Also false messages should be coded and know for speed to disrupt operations.

TLDR: Use an Enigma Machine, Copy paste makes this all happen very fast.

This message brought to you by Experience(tm). When common sense fails you, experience will come to the rescue. Experience(tm) from the makers of CONCORD.

"If you are part of the problem, you will be nerfed." -MadMuppet
Y'nit Gidrine
Center for Advanced Studies
Gallente Federation
#282 - 2012-07-11 03:48:37 UTC
You know, if only there were some sort of encryption scheme which was pretty good at protecting your privacy, then we wouldn't be having this problem.
Chokichi Ozuwara
Perkone
Caldari State
#283 - 2012-07-11 04:15:51 UTC
I am a space lawyer.

Tears will be shed and pants will need to be changed all round.
Shameless Avenger
Can Preachers of Kador
#284 - 2012-07-11 04:32:05 UTC
MadMuppet wrote:
http://enigmaco.de/enigma/enigma.swf

If it is important, it should be encoded and only those you trust should have the wire positions, wheel numbers and order, and three letter start codes. They should change daily or at least weekly. For special direct communications a dedicated few should have a second code book. Also false messages should be coded and know for speed to disrupt operations.

TLDR: Use an Enigma Machine, Copy paste makes this all happen very fast.


Hum... this is interesting. The decoding mechanism could be expanded to have multiple decryption strings. Each decryption string could have hard-coded decryption flaws (like capitalize every 40th letter). Different decryption strings could be given to different corps/members. And when the message comes out on skunk, you can search for which flaw it had, thus determining the decryption key used, thus finding out the corp/member that leaked it.

"This is the Ninja. He will scan you down; he will salvage your wrecks and there shall be no aggro"
Ziranda Hakuli
Brutor Tribe
Minmatar Republic
#285 - 2012-07-11 05:04:37 UTC
Spymaster Bates wrote:
Geil Ding wrote:
I think many have seen www.eveskunk.com by now. An API from a player is (ab)used to show alliance mails on a website for everybody to see. But this is against many national laws, privacy laws to be exact. The problem could correct itself if the sender of the mail has an option to exclude the mail from the API, but there is no such option.

My question to CCP, will the API be changed and the alliance and corp mails removed from the API? Torrent site aren't downloading the content themselfs, but facilitate it.. So is CCP, not sending the mails to website like www.eveskunk.com but CCP does facilitate it.



Hi,

I'd like to address something important here. The API's here aren't farmed or stolen, they are from active agents or API's given consentually. If you are mad about your alliance being infiltrated then have better recruitment standards.


but how will the Spies infiltrate if people were not lazy?
The Slayer
GoonWaffe
Goonswarm Federation
#286 - 2012-07-11 06:13:34 UTC
Heres an idea, don't use alliance mail for sensitive information you don't want spies to know.
Alavaria Fera
GoonWaffe
#287 - 2012-07-11 06:52:38 UTC
The Slayer wrote:
Heres an idea, don't use alliance mail for sensitive information you don't want spies to know.

Heck, most nullsec groups use out-of-game comms.

Spies still get in of course. If a line member is going to know something, so will a spy. *shrug*


The best spies record your comms and then leak it after every welp, like clockwork.

Triggered by: Wars of Sovless Agression, Bending the Knee, Twisting the Knife, Eating Sov Wheaties, Bombless Bombers, Fizzlesov, Interceptor Fleets, Running Away, GhostTime Vuln, Renters, Bombs, Bubbles ?
Atomic Option
NO Tax FAT Stacks
#288 - 2012-07-11 07:01:26 UTC
No.

The APIs are provided voluntarily so there's no theft or wiretapping or unauthorized access.

The corp/alliance mails do not have an expectation of privacy.

Even 1 to 1 EVEMails do not have a legal expectation of privacy because CCP reserves the right to read them in their ToS or EULA o somewhere I'm too lazy to go look up.



People bring this **** up every once in a while, but it's all bullshit.
dexington
Caldari Provisions
Caldari State
#289 - 2012-07-11 07:05:16 UTC
Geil Ding wrote:
... but this is against many national laws, privacy laws to be exact ...


Many is relative term, but in most countries public disclosure of emails is legal, then you are the receiving or sending party. In doing so you may be subject to various laws, e.g. breaking non disclosure agreements, publishing trade secrets, violating client confidentiality, etc.

Even if you live in a country where it's illegal, it can never be CCP who breaks the law. The person responsible for posting the email content, is the person breaking the law.

I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous.
Vera Algaert
Republic University
Minmatar Republic
#290 - 2012-07-11 07:16:36 UTC  |  Edited by: Vera Algaert
just don't use CCP-provided means of communications (in-game mails/chats) but roll your own solution (forums + IRC/Jabber).

Make your members sign a NDA and submit proof of identity (there are services that will weed out the more obvious forgeries for you) before they get access.

(While you are sorting out all the legal stuff - trademark your alliance name/logo, incorporate the alliance and run your website/services from a corporate account to prevent hijacking by some disgruntled member and make any alliance members that might create content for you - websites, propaganda, ... - sign over copyright to the alliance or at least grant the alliance an exclusive & perpetual license to the content)

You should watertag sensitive forum posts (e.g. encode the userid of the person viewing the post by replacing characters with identically looking but different characters, Unicode is awesome) to identify leaks and keep permanent logs of who was logged into which service at which time.

problem solved.

spaceships are serious business - treat them like business and you'll be fine.

.
Rico Minali
Sons Of 0din
Commonwealth Vanguard
#291 - 2012-07-11 07:34:45 UTC
Geil Ding wrote:
I think many have seen www.eveskunk.com by now. An API from a player is (ab)used to show alliance mails on a website for everybody to see. But this is against many national laws, privacy laws to be exact. The problem could correct itself if the sender of the mail has an option to exclude the mail from the API, but there is no such option.

My question to CCP, will the API be changed and the alliance and corp mails removed from the API? Torrent site aren't downloading the content themselfs, but facilitate it.. So is CCP, not sending the mails to website like www.eveskunk.com but CCP does facilitate it.



Looks to me like someone wants to be a spai and never have his mailbox ccompromise his position. Anyone want to recruit this man?

Trust me, I almost know what I'm doing.
Vera Algaert
Republic University
Minmatar Republic
#292 - 2012-07-11 07:38:27 UTC  |  Edited by: Vera Algaert
Also if you have an issue with eveskunk try to contact their webhost (or ISP if self-hosted) before looking for legal recourse or CCP intervention.

Copyright & privacy arguments have been convincing enough to hosts (which generally don't like trouble of any sort) to make them shut down unauthorized mirrors of alliance forums in the past.

Eventually the website will of course end up with some host which doesn't respond to your demands/threats but until then you might be able to cause considerable trouble/costs to eveskunk. Always go for the weakest link first.

.
dexington
Caldari Provisions
Caldari State
#293 - 2012-07-11 07:53:46 UTC
Vera Algaert wrote:
Also if you have an issue with eveskunk try to contact their webhost/ISP before looking for legal recourse or CCP intervention.


Contacting their internet service provider, or their hosting service, can be compared to contacting Microsoft and asking them to immediately recall every version of lookout, because email accounts can get hacked and therefore are illegal and dangerous. Most office/email/imaging software can be used to commit criminal acts involving forgery, this does not mean you can hold the companies producing the software countable for any crimes committed be the users of the software.

You can only persecute the one responsible for committing the crime.

I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous.
Vera Algaert
Republic University
Minmatar Republic
#294 - 2012-07-11 08:52:58 UTC  |  Edited by: Vera Algaert
dexington wrote:
Vera Algaert wrote:
Also if you have an issue with eveskunk try to contact their webhost/ISP before looking for legal recourse or CCP intervention.


Contacting their internet service provider, or their hosting service, can be compared to contacting Microsoft and asking them to immediately recall every version of lookout, because email accounts can get hacked and therefore are illegal and dangerous. Most office/email/imaging software can be used to commit criminal acts involving forgery, this does not mean you can hold the companies producing the software countable for any crimes committed be the users of the software.

You can only persecute the one responsible for committing the crime.

nope, if we are in "bad analogy"-land then I'd rather liken it to me contacting Microsoft asking them to lock your hotmail account because it is spreading malware or sending out spam.

Most hosting providers don't want you to do anything that might potentially be illegal using their services and cave in very quickly to any threat of legal action. When faced with the choice between potentially losing one customer or a lot of drama involving lawyers they frequently choose the former option.

If you don't believe me that this works try http://files.pleaseignore.com/forumdumps/www.pandemic-legion.com/

Nobody is talking about persecuting or suing anyone - my suggestion is to write an angry letter (or better have an actual lawyer write the angry letter in your name) to the webhost/ISP before consider any real legal actions.

It's cheap, it sometimes does work and if it doesn't you aren't required to follow up on it in any way.

.
dexington
Caldari Provisions
Caldari State
#295 - 2012-07-11 09:02:32 UTC
Vera Algaert wrote:
If you don't believe me that this works try http://files.pleaseignore.com/forumdumps/www.pandemic-legion.com/

Nobody is talking about persecuting or suing anyone - my suggestion is to write an angry letter (or better have an actual lawyer write the angry letter in your name) to the webhost/ISP before consider any real legal actions.


http://thepiratebay.se/legal/

I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous.
Vera Algaert
Republic University
Minmatar Republic
#296 - 2012-07-11 09:11:39 UTC  |  Edited by: Vera Algaert
dexington wrote:
Vera Algaert wrote:
If you don't believe me that this works try http://files.pleaseignore.com/forumdumps/www.pandemic-legion.com/

Nobody is talking about persecuting or suing anyone - my suggestion is to write an angry letter (or better have an actual lawyer write the angry letter in your name) to the webhost/ISP before consider any real legal actions.


http://thepiratebay.se/legal/

you could also have linked http://jdel.eu/pandemic/index.html

Vera Algaert wrote:
Eventually the website will of course end up with some host which doesn't respond to your demands/threats but until then you might be able to cause considerable trouble/costs to eveskunk. Always go for the weakest link first.

just because it doesn't work 100% of the time doesn't mean it's useless to try - as I pointed out above even if you use a lawyer it's a very cheap (typical price for a DMCA takedown request seems to be $200-300) and low-effort option compared to the alternatives. It would be stupid not to try it.

.
dexington
Caldari Provisions
Caldari State
#297 - 2012-07-11 09:32:07 UTC  |  Edited by: dexington
Vera Algaert wrote:
just because it doesn't work 100% of the time doesn't mean it's useless to try - as I pointed out above even if you use a lawyer it's a very cheap (typical price for a DMCA takedown request seems to be $200-300) and low-effort option compared to the alternatives. It would be stupid not to try it.


a fool and his money are soon parted...

I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous.
dexington
Caldari Provisions
Caldari State
#298 - 2012-07-11 09:32:52 UTC
.

I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous.
Jace Errata
Caldari Provisions
Caldari State
#299 - 2012-07-11 10:26:38 UTC
The hell does this even still exist for

tweeten

One day they woke me up so I could live forever

It's such a shame the same will never happen to you
True Sight
Deep Freeze Industries
#300 - 2012-07-11 15:55:49 UTC
Screeg's or whover, there is one suggestion I'd really like to ask...

Could the API Activity log please list WHICH API is being used for that connection?

For example I have 4 API keys, one each for the various services I use (such as evemon). I can see that my API is being accessed in the log, but I don't know which of those keys it is.

This would be great and let players know who's giving out the keys they use and allow us to maintain our own security.