These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

Allowed or not Allowed - CCP some guidance?
Author
Previous Topic Next Topic
Sol Weinstein
Lunatic Warfare Federation
#101 - 2013-02-15 05:23:29 UTC
Uppsy Daisy wrote:
First the relevant point from the EULA

"You may not use your own or any third-party software, macros or other stored rapid keystrokes or other patterns of play that facilitate acquisition of items, currency, objects, character attributes, rank or status at an accelerated rate when compared with ordinary Game play. You may not rewrite or modify the user interface or otherwise manipulate data in any way to acquire items, currency, objects, character attributes or beneficial actions not actually acquired or achieved in the Game."

Next the things that could possibly be categorised as breaking the above, or not.

1) Use the EVE In-Game Browser's ShowMarketDetails() javascript method to move the market pane to a specific item.

2) Use the EVE In-Game Browser's ShowMarketDetails() javascript method in a loop to cycle through a predefined set of items, (given that there is a built-in delay between each item showing to prevent server overload and abuse).

3) Load prices from the EvE client cache that have previously been viewed in the Market Pane, by using the many available libraries (libevecache, EveCacheParser, EveCache.NET).

It really is very, very easy to string these three together into something that will feed you up to date sell/buy orders of anything. Given your characters current sell/buy orders are available through the EVE API, even the simplest of simpletons could see how this could be 'used' to accelerate the rate that a character acquires ISK.

Now, up until the last week, all of these (apart from putting them together perhaps) were considered perfectly legal.

- Eve Marketeer certainly did 1) and 2).

- There have been numerous posts on these forums, with no CCP comment, about 1) and 2) e.g. https://forums.eveonline.com/default.aspx?g=posts&m=1721979 *specifically* for the purpose of loading up the cached results. No CCP comment.

- EveMon scrapes your cache 1), loads the prices, and sends them to Eve Central.

- Eve Mentat scrapes your cache and lets you compare the prices with your orders.

There are many, many, many player tools that have not been declared illegal that use one or all of these methods.

Then CCP Sreegs declares loading cache files to be illegal ( https://forums.eveonline.com/default.aspx?g=posts&m=2601788#post2601788 )

The player base really needs some clarity on what allowed and what is not.


You've got "EVE", "Eve", "EvE" all in one post. Pick one for Jovian sake. I suggest the actual name of the game: EVE.

Thank you.

========

And, how about a solid "no".

Thank you.
Alavaria Fera
GoonWaffe
#102 - 2013-02-15 05:28:28 UTC
Sol Weinstein wrote:
Uppsy Daisy wrote:
First the relevant point from the EULA

"You may not use your own or any third-party software, macros or other stored rapid keystrokes or other patterns of play that facilitate acquisition of items, currency, objects, character attributes, rank or status at an accelerated rate when compared with ordinary Game play. You may not rewrite or modify the user interface or otherwise manipulate data in any way to acquire items, currency, objects, character attributes or beneficial actions not actually acquired or achieved in the Game."

Next the things that could possibly be categorised as breaking the above, or not.

1) Use the EVE In-Game Browser's ShowMarketDetails() javascript method to move the market pane to a specific item.

2) Use the EVE In-Game Browser's ShowMarketDetails() javascript method in a loop to cycle through a predefined set of items, (given that there is a built-in delay between each item showing to prevent server overload and abuse).

3) Load prices from the EvE client cache that have previously been viewed in the Market Pane, by using the many available libraries (libevecache, EveCacheParser, EveCache.NET).

It really is very, very easy to string these three together into something that will feed you up to date sell/buy orders of anything. Given your characters current sell/buy orders are available through the EVE API, even the simplest of simpletons could see how this could be 'used' to accelerate the rate that a character acquires ISK.

Now, up until the last week, all of these (apart from putting them together perhaps) were considered perfectly legal.

- Eve Marketeer certainly did 1) and 2).

- There have been numerous posts on these forums, with no CCP comment, about 1) and 2) e.g. https://forums.eveonline.com/default.aspx?g=posts&m=1721979 *specifically* for the purpose of loading up the cached results. No CCP comment.

- EveMon scrapes your cache 1), loads the prices, and sends them to Eve Central.

- Eve Mentat scrapes your cache and lets you compare the prices with your orders.

There are many, many, many player tools that have not been declared illegal that use one or all of these methods.

Then CCP Sreegs declares loading cache files to be illegal ( https://forums.eveonline.com/default.aspx?g=posts&m=2601788#post2601788 )

The player base really needs some clarity on what allowed and what is not.


You've got "EVE", "Eve", "EvE" all in one post. Pick one for Jovian sake. I suggest the actual name of the game: EVE.

Thank you.

========

And, how about a solid "no".

Thank you.

What happens is someone gets banned for something but we don't know what because can't discuss with third party. And then another person and another. Soon everyone is being massacred as even the NPC corp alts in GD fall silent.

Eventually every one of us discovers that CCP Streeg's banhammer is actually Graf Eisen.

Triggered by: Wars of Sovless Agression, Bending the Knee, Twisting the Knife, Eating Sov Wheaties, Bombless Bombers, Fizzlesov, Interceptor Fleets, Running Away, GhostTime Vuln, Renters, Bombs, Bubbles ?
Mara Rinn
Cosmic Goo Convertor
#103 - 2013-02-15 06:13:13 UTC
Sid Hudgens wrote:
Liang Nuren wrote:
You presume I use EveMon. I use iClone to manage my skill queue. Yes, really.

-Liang


Yes you are a special and unique snowflake. Obviously I was talking about my fellow mere mortals who are only cool enough to use EveMon.

I apologize for painting you with the same brush. Roll


I use iClone too. So Liang is at least as unoriginal and common as I am. I don't use EVEmon at all. Heck, I am not even sure how long ago I stopped accumulating SP. I might have to train something someday just so I can hear Aura tell me "skill training completed."

Day 0 Advice for New Players
Mara Rinn
Cosmic Goo Convertor
#104 - 2013-02-15 06:17:48 UTC
Agustice Arterius wrote:
So much tears.


So many tears. Tears are countable, the word can be pluralised. One tear, two tears, many tears.

So much crying. Crying is not countable, the word doesn't make a singular/plural distinction. There is crying. There is no crying. There is much crying.

Day 0 Advice for New Players
Mara Rinn
Cosmic Goo Convertor
#105 - 2013-02-15 06:23:25 UTC
Entity wrote:
In case they want to "stop" (uhuh) people from reading the cache, CCP's options are extremely limited. I could go in depth as to why it is impossible to prevent access to the cache files, but anyone with an interest in this activity knows why so I won't bother.


1) encrypt the cache on the way to disk

2) declare the encryption used as a copy protection device (the stuff stored in the cache is technically restricted use content from CCP)

3) user decrypts cache to do cache scraping

4) user goes to gaol under DMCA

5) sucks to be you

Day 0 Advice for New Players
Sol Weinstein
Lunatic Warfare Federation
#106 - 2013-02-15 06:32:04 UTC  |  Edited by: Sol Weinstein
Alavaria Fera wrote:

What happens is someone gets banned for something but we don't know what because can't discuss with third party. And then another person and another. Soon everyone is being massacred as even the NPC corp alts in GD fall silent.

Eventually every one of us discovers that CCP Streeg's banhammer is actually Graf Eisen.


This was the discussion. You can't use third party software with this game.

People who use them should be "massacred".

Thank you.
Dante Uisen
Caldari Provisions
Caldari State
#107 - 2013-02-15 07:28:05 UTC  |  Edited by: Dante Uisen
Mara Rinn wrote:
Entity wrote:
In case they want to "stop" (uhuh) people from reading the cache, CCP's options are extremely limited. I could go in depth as to why it is impossible to prevent access to the cache files, but anyone with an interest in this activity knows why so I won't bother.


1) encrypt the cache on the way to disk

2) declare the encryption used as a copy protection device (the stuff stored in the cache is technically restricted use content from CCP)

3) user decrypts cache to do cache scraping

4) user goes to gaol under DMCA

5) sucks to be you


I don't disagree with encryption making it hard/impossible to use the cache files in a legal way. The DMCA is not enforced outside the US, and if you look and something like wow glider (advanced WoW bot) it took blizzard years to force the creator to stop developing and publishing the application.

If the cache files was encrypted, using a key generated when the client loads and only stored in memory. Assuming they use a algorithm known to be secure, there is no reason to believe it will be possible to decipher the data without the key. The key can only be obtained by accessing the client process memory or reversing engineering the algorithm use to generate the key, both of which would violate the EULA.

This would not fully stop cache sculpting, someone would probably find a way to obtain the encryption key. It would put people using the technique in the same box as people using bots, and i looking at user/client behavior it would probably not be hard to spot the people using it.
Vaerah Vahrokha
Vahrokh Consulting
#108 - 2013-02-15 09:26:52 UTC  |  Edited by: Vaerah Vahrokha
Dante Uisen wrote:
This would not fully stop cache sculpting, someone would probably find a way to obtain the encryption key. It would put people using the technique in the same box as people using bots, and i looking at user/client behavior it would probably not be hard to spot the people using it.


It's even easier than that. In a path of least resistance, if cache reading became impossible (very unlikely) then people would just install an hook on the network driver and intercept data packets a la Wireshark and then decode those.

In the end it's like DownloadHelper vs video streaming companies: the more they make it hard to download the videos the better DownloadHelper (and similar) get to bypass that.

And in the end, since the data (like the videos) HAVE somehow to materialize in human readable / viewable format, both video capture softwares and data grabbing softwares can bulk capture the video being rendered and save / interpret it.

Sure, it's more effort, but many see these escalations as a challenge and many a programmer love to see their name associated to a victory against an over-protective corporation.

EvE Online portal | EvE markets tutorials
Dante Uisen
Caldari Provisions
Caldari State
#109 - 2013-02-15 10:32:07 UTC
Vaerah Vahrokha wrote:
Dante Uisen wrote:
This would not fully stop cache sculpting, someone would probably find a way to obtain the encryption key. It would put people using the technique in the same box as people using bots, and i looking at user/client behavior it would probably not be hard to spot the people using it.


It's even easier than that. In a path of least resistance, if cache reading became impossible (very unlikely) then people would just install an hook on the network driver and intercept data packets a la Wireshark and then decode those.


The result is the same, by reading the data of the wire you are also violation the EULA.
Entity
X-Factor Industries
Synthetic Existence
#110 - 2013-02-15 11:01:18 UTC
Dante Uisen wrote:
Vaerah Vahrokha wrote:
It's even easier than that. In a path of least resistance, if cache reading became impossible (very unlikely) then people would just install an hook on the network driver and intercept data packets a la Wireshark and then decode those.


The result is the same, by reading the data of the wire you are also violation the EULA.



Actually, EVE uses an encrypted connection (RSA-512 afaik), so packet sniffing does you no good.
That crypto stuff was added somewhere around the RMR era in 2006 iirc.

╦......║...╔╗.║.║.╔╗.╦║.╔╗╔╦╗╔╗

║.╔╗╔╗╔╣.╔╗╠..╠ ╠╗╠╝.║╠ ╠╝║║║╚╗

╩═╚╝║.╚╝.╚╝║..╚╝║║╚╝.╩╚╝╚╝║.║╚╝

Got Item?
Agustice Arterius
Deep Core Mining Inc.
Caldari State
#111 - 2013-02-15 11:12:49 UTC  |  Edited by: Agustice Arterius
Mara Rinn wrote:
Agustice Arterius wrote:
So much tears.


So many tears. Tears are countable, the word can be pluralised. One tear, two tears, many tears.

So much crying. Crying is not countable, the word doesn't make a singular/plural distinction. There is crying. There is no crying. There is much crying.


No, I meant to say So much tears.

Go be a spelling nazi somewheres else.

Good try though. Was kinda cute.
Mr Kidd
Center for Advanced Studies
Gallente Federation
#112 - 2013-02-15 11:28:24 UTC  |  Edited by: Mr Kidd
Entity wrote:
Vaerah Vahrokha wrote:

I estimate it'll take 2 weeks tops before someone they will never find, will have those files opened like cheap pomatoes cans and posted the whole universe about how to do it.


I'd be disappointed if it took 2 weeks. 2 days is more realistic.

Either way, encrypting cache is one option. Another option is to just not put stuff in cache they don't want scraped, for the same reason they shouldn't put static data on test servers they don't want people to speculate on.

At any rate, I believe CCP employees should be more careful about the statements they make. Someone like Sreegs who commands a fairly large amount of authority on matters such as these should at least formulate opinions in a way it looks less like a threat of imminent banning.


Just FYI, forum posts are not policy in the same way that EULAs are not specific enough to reliably judge what one can/cant do other than to steer so clear of the activity as to stop using the product.

The fact of the matter is automation is allowed but only before it's not. You see, there is a threshold. One day it's here, the other it's there. When it's not there, it's here or otherwise yonder. It all depends upon whether or not the security team is being whipped to action or whipped to inaction. But generally, as fanfest waxes and wanes they're always out for blood.

The best way for CCP to retain control is to be as ambiguous as possible, which they have. In this way they can enforce the rules how they see fit rather than how they have said. Once they draw lines showing what can and can't be done they've tied their hands. No longer can they enforce or un-enforce the EULA and their forum posts when, how and on whom they wish. So, frankly, we shall never get clarifications but rather very broadly defined acceptable behaviors with equally broad and flexible areas of enforcement/non-enforcement.

Don't ban me, bro!
Uppsy Daisy
State War Academy
Caldari State
#113 - 2013-02-15 11:45:47 UTC  |  Edited by: Uppsy Daisy
Thank you for that, that does make a lot of sense.

I can see how providing clarity on some things could be considered to be tying their hands somewhat.

But the activities I have stated are so widely used, by so many applications and players, I still think they need to publicly state whether these specific activities are allowed or not.
Entity
X-Factor Industries
Synthetic Existence
#114 - 2013-02-15 11:45:50 UTC
Mr Kidd wrote:
Just FYI, forum posts are not policy in the same way that EULAs are not specific enough to reliably judge what one can/cant do other than to steer so clear of the activity as to stop using the product.


Saying stuff like "You won't be banned for it.... for now" implies he thinks we're all breaking the rules when it has already been demonstrated we're not.

It was CCP that explicitly and publicly gave permission, and it was CCP that authorized my product for release. They made policy at that point, and last I checked that policy is still in effect. If they want to change it, fine, I don't particularly care if they do or don't, but I don't want to be labeled as someone that breaks the rules when I clearly haven't.

Note that I'm talking JUST about the act of reading the cache (as was Sreegs), not about any automation or other less than honorable things one might do with the technology, that's an entirely different matter.

╦......║...╔╗.║.║.╔╗.╦║.╔╗╔╦╗╔╗

║.╔╗╔╗╔╣.╔╗╠..╠ ╠╗╠╝.║╠ ╠╝║║║╚╗

╩═╚╝║.╚╝.╚╝║..╚╝║║╚╝.╩╚╝╚╝║.║╚╝

Got Item?
Mr Kidd
Center for Advanced Studies
Gallente Federation
#115 - 2013-02-15 12:04:34 UTC  |  Edited by: Mr Kidd
Entity wrote:


Note that I'm talking JUST about the act of reading the cache (as was Sreegs), not about any automation or other less than honorable things one might do with the technology, that's an entirely different matter.


Being the devil's advocate, do you use a hex editor to read the cache or a program to do it for you? Something that does it for you, Sir, is automation. And it would seem to me that such a tool accelerates you acquisition of "stuff" faster than someone using a hex editor. Even the hex editor can be categorized as automation and acceleration when compared to someone examining the individual bits of 0's & 1's and so forth until we're comparing use of stone tools to examine the data. I understand what you're saying. I'm only being the devil here.

My point in my previous post wasn't about any specific program approved or otherwise. It was more or less about how if one were to work merely with that CCP has said and what their EULA states then there are a number of activities which would seem to be allowed but, for which CCP could say they are not. The in-game legality is so broad and grey as to be utterly helpless to whomever, and their mood, happens to be examining the activity at that specific time. One could use astrology to determine when something is allowable or not as reliably as the EULA and forum posts.

This, of course, brings me back to why, in these circumstances, doesn't CCP have an official and well documented review process with which the accused can participate to help clear themselves when they've been banned and their assets seized other than CCP's current process which is to have the user file a petition to which CCP says "Trust us" and "Kiss off".

Don't ban me, bro!
Dante Uisen
Caldari Provisions
Caldari State
#116 - 2013-02-15 12:55:09 UTC  |  Edited by: Dante Uisen
Mr Kidd wrote:
Entity wrote:


Note that I'm talking JUST about the act of reading the cache (as was Sreegs), not about any automation or other less than honorable things one might do with the technology, that's an entirely different matter.


Being the devil's advocate, do you use a hex editor to read the cache or a program to do it for you? Something that does it for you, Sir, is automation. And it would seem to me that such a tool accelerates you acquisition of "stuff" faster than someone using a hex editor. Even the hex editor can be categorized as automation and acceleration when compared to someone examining the individual bits of 0's & 1's and so forth until we're comparing use of stone tools to examine the data. I understand what you're saying. I'm only being the devil here.


It's irrelevant you could say that about using a spreadsheet with the exported market data, or any process that can be improved using information technology.

Using the cache files is different from most other techniques, because the files are not designed to be used to the player base, the data is not exactly stored in a human readable format. It has nothing to do with how or what you use to read the files, only weather or not it's allowed.

Dev and gm posts has confirmed that it's okay, CCP Sreegs seems to be of a different opinion. It would be nice with an official answer, but we are probably not getting it.
Vaerah Vahrokha
Vahrokh Consulting
#117 - 2013-02-15 13:37:38 UTC
Dante Uisen wrote:
Vaerah Vahrokha wrote:
Dante Uisen wrote:
This would not fully stop cache sculpting, someone would probably find a way to obtain the encryption key. It would put people using the technique in the same box as people using bots, and i looking at user/client behavior it would probably not be hard to spot the people using it.


It's even easier than that. In a path of least resistance, if cache reading became impossible (very unlikely) then people would just install an hook on the network driver and intercept data packets a la Wireshark and then decode those.


The result is the same, by reading the data of the wire you are also violation the EULA.



I want to see how CCP enforces that. Plenty of software (including packet shapers, stateful firewalls etc) that hook into and analyze network packets. Many people don't even know they have that stuff installed.

EvE Online portal | EvE markets tutorials
Uppsy Daisy
State War Academy
Caldari State
#118 - 2013-02-15 13:47:11 UTC  |  Edited by: Uppsy Daisy
The EULA is pretty clear on that:

You may not reverse engineer, disassemble or decompile, or attempt to reverse engineer or derive source code from, all or any portion of the Software, or from any information accessible through the System (including, without limitation, data packets transmitted to and from the System over the Internet), or anything incorporated therein, or analyze, decipher, "sniff" or derive code (or attempt to do any of the foregoing) from any packet stream transmitted to or from the System, whether encrypted or not, or permit any third party to do any of the same, and you hereby expressly waive any legal rights you may have to do so. If the Software and/or the System contains license management technology, you may not circumvent or disable that technology.

It is not allowed.

It may be hard to see how they can enforce it, but please can we try to stay on topic.

The thread is about the in game legality of one or both of:

1) Using the in-game browser ShowMarketDetails() call to scroll through a set of items in the game
and
2) Reading the resulting EVE cache records using one the many libraries
Thur Barbek
Republic University
Minmatar Republic
#119 - 2013-02-15 13:54:01 UTC  |  Edited by: Thur Barbek
Uppsy Daisy wrote:
The EULA is pretty clear on that:

You may not reverse engineer, disassemble or decompile, or attempt to reverse engineer or derive source code from, all or any portion of the Software, or from any information accessible through the System (including, without limitation, data packets transmitted to and from the System over the Internet), or anything incorporated therein, or analyze, decipher, "sniff" or derive code (or attempt to do any of the foregoing) from any packet stream transmitted to or from the System, whether encrypted or not, or permit any third party to do any of the same, and you hereby expressly waive any legal rights you may have to do so. If the Software and/or the System contains license management technology, you may not circumvent or disable that technology.


"derive source code" is what that paragraph is about. Unless your telling me cache files are a part of the source code (they are not), that section of the EULA does not apply.
Vera Algaert
Republic University
Minmatar Republic
#120 - 2013-02-15 13:56:01 UTC  |  Edited by: Vera Algaert
Entity wrote:
Mr Kidd wrote:
Just FYI, forum posts are not policy in the same way that EULAs are not specific enough to reliably judge what one can/cant do other than to steer so clear of the activity as to stop using the product.


Saying stuff like "You won't be banned for it.... for now" implies he thinks we're all breaking the rules when it has already been demonstrated we're not.

It was CCP that explicitly and publicly gave permission, and it was CCP that authorized my product for release. They made policy at that point, and last I checked that policy is still in effect. If they want to change it, fine, I don't particularly care if they do or don't, but I don't want to be labeled as someone that breaks the rules when I clearly haven't.

Note that I'm talking JUST about the act of reading the cache (as was Sreegs), not about any automation or other less than honorable things one might do with the technology, that's an entirely different matter.

CCP is not one monolithic entity - it is comprised of individual people who make up different departments.

The security team can hold one opinion on EULA interpretation and the GM team can hold a different opinion and both can give you a slap on the wrist if you don't conform to their interpretation.

We've already been through this half a dozen times - each time after CCP Sreegs made statements on the very low number of false positives in his banwaves to which playerbase reacted with "those numbers cannot be true, we have proof that there were more false positives than you claim" only to have Sreegs respond with "well, those false positives you refer to are the GM team's false positives and not our responsibility".

The GM team and the security team are separate entities and they don't seem to communicate very well.

.