These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
Previous page123
 

the Power of API
Author
Previous Topic Next Topic
Nariya Kentaya
Ministry of War
Amarr Empire
#41 - 2014-07-17 19:26:05 UTC  |  Edited by: Nariya Kentaya
Titania Hrothgar wrote:
B Scripts wrote:
If you had nothing to hide, you wouldn't mind sharing.



/NSA


Fortunately, that's not a true statement :)

NSA just looks at facebook, twitter, tumblr nowadays. And checks who all is on furaffinity in there offtime.

(ISD, is it ok that i mentioned that last site as a joke? i eman were all adults here, i doubt anyone could have internet acces and not know to avoid that sight at all costs, ya know?)
Ocih
Space Mermaids
#42 - 2014-07-17 19:31:12 UTC
Most people do it and don't even think about it. EVE Mon anyone?

For most people the API is not a threat. Just don't become a target in EVE and by target I mean, don't ever amount to anything.
Mr Epeen
It's All About Me
#43 - 2014-07-17 19:35:17 UTC
Nariya Kentaya wrote:

NSA just looks at facebook, twitter, tumblr nowadays.


There was some jock Brit partyboy that posted on his FB page that they were going to burn down the U.S. (or whatever the British expression for party till you puke is) and found himself in custody shortly after getting off the plane. I guess Homeland Security and the NSA were coming up for budget review.


Mr Epeen Cool
Robert Sawyer
Deep Core Mining Inc.
Caldari State
#44 - 2014-07-17 20:23:56 UTC
API Keys are used by corporations to see what you have been up to recently, to make sure that you're not an awoxer (somebody who infiltrates a rival corporation to cause harm). It's for security protocols n' stuff, but be careful. If your API key falls into the wrong hands (example Goonswarm) you are face-deep in a pile of sh*t.
Always hand your API key with caution!

"And when, at last, the moment is yours, that agony will become your greatest triumph."
flakeys
Doomheim
#45 - 2014-07-17 20:31:43 UTC
Mr Epeen wrote:
I won't ask you for an API to join my corp, Titania.

We do fun activities like forum roams and thread ganks. If you have a knack for annoying people using only your words, then you are what we here at IAAM want. No need for a blaster when a sharp wit will kill with more finesse.

Mr Epeen Cool



Mmmm sounds like just my type of corp and chance has it i am corpless ...

We are all born ignorant, but one must work hard to remain stupid.
Bronson Hughes
The Knights of the Blessed Mother of Acceleration
#46 - 2014-07-17 20:43:23 UTC
Information about past behavior isn't always an indicator of future behavior. In a setting like EvE with disposable, transferable characters, there is absolutely no way of knowing someone's intention when they join a corp. No amount of API checking will tell you that a 3-month-old rookie pilot all alone in their account is really a bittervet looking to cause you issues and willing to pay to do so.

That's why, as in the real world, good security is about access and compartmentalization, not background checks. Assume that your background checks are going to fail, and design your security protocols to handle a determined infiltrator. If you limit the access that any one person has to corp assets, you limit the damage they can do as well. Don't fly stupidly expensive ships in situations where you don't have a GTFO plan. And for Heaven's sake, learn how to PvP because at some point or another in your EvE career you will need to.

Relatively Notorious By Association

My Many Misadventures

I predicted FAUXs
Bohneik Itohn
10.K
#47 - 2014-07-17 20:45:28 UTC
Fun fact: I have yet to see a single third party tool that promises not to use your API or information contained within your API for purposes other than those that you specifically use the tool to engage in, or that they won't provide that information to other third parties.


Just sayin'... If you've ever made an API for anything, assume that everyone has access to all of the information that API provided at the time.

Wait, CCP kills kittens now too?!  - Freyya

Are you a forum alt? Have you ever wondered why your experience on the forums is always so frustrating and unrewarding? This may help.
Bronson Hughes
The Knights of the Blessed Mother of Acceleration
#48 - 2014-07-17 20:52:33 UTC
Bohneik Itohn wrote:
Fun fact: I have yet to see a single third party tool that promises not to use your API or information contained within your API for purposes other than those that you specifically use the tool to engage in, or that they won't provide that information to other third parties.


Just sayin'... If you've ever made an API for anything, assume that everyone has access to all of the information that API provided at the time.

One more reason why the only API keys I give to any tool, site, or (in my past incarnation) prospective corps are either killmail only, or deactivated within 24 hours. Security works both ways....

Relatively Notorious By Association

My Many Misadventures

I predicted FAUXs
Adira Nictor
Sebiestor Tribe
Minmatar Republic
#49 - 2014-07-17 21:54:08 UTC
Titania Hrothgar wrote:
Just out of curiosity, I decided to look into what all is granted by a full API. I did a quick google search, found a link to the powerful tools used by corporations to do their background checks, and was appalled at what I saw.

My assets and in which station I'd placed them, my wallet, all my market transactions, where I go, what I do, even granting full access to every notification and mail I send and receive? A full API literally lets someone watch my every move!

It's creepy!

I've now joined the bandwagon of those who refuse to provide a full API. No one shall have that kind of access to my game play experience. I sent an e-mail to my corp providing them with a new API. I hope they understand. It was just way too creepy a thing to have out there....

*shudder*


Most corps don't want your full api forever. They just want it for the initial background check, after that you can delete it in most cases.

Some corps/alliances require a limited api to access web services like TS3 and forum access.

Saying that, any corp that doesn't require an API and background check is not worth joining, because at some point, an awoxer will be recruited, and your safety will be at risk.


To all those that say API checks don't stop awoxers, this is true. But, it makes it a lot harder for people like me, who do not make a new pilot every time to awox with.
Inxentas Ultramar
Ultramar Independent Contracting
#50 - 2014-07-17 22:28:01 UTC
Bronson Hughes wrote:
That's why, as in the real world, good security is about access and compartmentalization, not background checks. Assume that your background checks are going to fail, and design your security protocols to handle a determined infiltrator. If you limit the access that any one person has to corp assets, you limit the damage they can do as well. Don't fly stupidly expensive ships in situations where you don't have a GTFO plan. And for Heaven's sake, learn how to PvP because at some point or another in your EvE career you will need to.


QTF. Proper access management is the most important factor to corp security. Awoxing is a constant and unchanging possibility, all your API checking might diminish is it's probability. Another factor is investment. Someone that has put considerabe effort into building your corp along with you, is less likely to burn the very things they are proud of themselves. Don't put in a public hanger what your corp cannot afford to lose. The old adage of flying what you cannot afford also applies here.

That being said, API data such as your character sheet can be a massive boon to the guys working on your groups doctrine fits and such. Even a limited one is usefull. I've played the villain before and I still do, I'm actively involved in spreading what I know about PVP shenanigans. When a past awox comes up in a recruitment talk I'd be more interested in the story, and share some of my own.

It really comes down to what corp you are running. If you risk billions on a daily basis your security needs to be top notch. If you run a rag-tag band of intermediate SP lowsec PVPers, you can be a bit more lax. I've found exchanging an API for actual roles & titles works fine. Some granularity is in order, corp security isn't that black and white.
De'Veldrin
Republic University
Minmatar Republic
#51 - 2014-07-18 12:23:35 UTC  |  Edited by: De'Veldrin
Nariya Kentaya wrote:

I remember one time in a corp I was in, our recruiter hated taking APIs, but he always did. It payed off one day when he was looking WAAAAY back in a characters history and found out it was a Psychotic Monk alt, he even popped into the channel to confirm he was caught. He was a cool dude, too.

Honestly, it's a PITA, and I wish I didn't have to do it, but ... such is the state of the cluster that the default setting of any interaction with an unknown person is "This ****** is trying to rob me blind." As my grand mother was fond of saying "An ounce of prevention is worth a pound of cure."

i also agree with the idea of not giving people access to more than they need. Working in software development we deal with app security and it works very much like this - we look at the role the user plays in the organization and dynamically lock out parts of the application based on what hey actually need to do their jobs. internal security in an Eve corporation should work much the same way. security is not just about checking an API and going "OK, they're good!" it is an on going and evolving challenge and it doesn't end when your new corpmate suddenly earns his green star.

De'Veldrin's Corollary (to Malcanis' Law): Any idea that seeks to limit the ability of a large nullsec bloc to do something in the name of allowing more small groups into sov null will inevitably make it that much harder for small groups to enter sov null.
J'Poll
School of Applied Knowledge
Caldari State
#52 - 2014-07-18 13:25:56 UTC
Titania Hrothgar wrote:
Just out of curiosity, I decided to look into what all is granted by a full API. I did a quick google search, found a link to the powerful tools used by corporations to do their background checks, and was appalled at what I saw.

My assets and in which station I'd placed them, my wallet, all my market transactions, where I go, what I do, even granting full access to every notification and mail I send and receive? A full API literally lets someone watch my every move!

It's creepy!

I've now joined the bandwagon of those who refuse to provide a full API. No one shall have that kind of access to my game play experience. I sent an e-mail to my corp providing them with a new API. I hope they understand. It was just way too creepy a thing to have out there....

*shudder*



2010 character and it took you 4 years that ticking all those boxes that exactly say what acces they grant to be that intrusive.


Fail.

Personal channel: Crazy Dutch Guy

Help channel: Help chat - Reloaded

Public roams channels: RvB Ganked / Redemption Road / Spectre Fleet / Bombers bar / The Content Club
Alavaria Fera
GoonWaffe
#53 - 2014-07-18 15:07:56 UTC
J'Poll wrote:
Titania Hrothgar wrote:
Just out of curiosity, I decided to look into what all is granted by a full API. I did a quick google search, found a link to the powerful tools used by corporations to do their background checks, and was appalled at what I saw.

My assets and in which station I'd placed them, my wallet, all my market transactions, where I go, what I do, even granting full access to every notification and mail I send and receive? A full API literally lets someone watch my every move!

It's creepy!

I've now joined the bandwagon of those who refuse to provide a full API. No one shall have that kind of access to my game play experience. I sent an e-mail to my corp providing them with a new API. I hope they understand. It was just way too creepy a thing to have out there....

*shudder*

2010 character and it took you 4 years that ticking all those boxes that exactly say what acces they grant to be that intrusive.


Fail.

Quite terrible.

Triggered by: Wars of Sovless Agression, Bending the Knee, Twisting the Knife, Eating Sov Wheaties, Bombless Bombers, Fizzlesov, Interceptor Fleets, Running Away, GhostTime Vuln, Renters, Bombs, Bubbles ?
Titania Hrothgar
Nemesis Retribution
#54 - 2014-07-18 17:27:37 UTC  |  Edited by: Titania Hrothgar
J'Poll wrote:


2010 character and it took you 4 years that ticking all those boxes that exactly say what acces they grant to be that intrusive.


Fail.


I've played 4 months out of those 4 years. I feel I've no reason to explain my short time of actual gameplay so I won't.

Proof that a background check doesn't tell you everything ;)

All the world's a stage and all the men and women are the players.
BeBopAReBop RhubarbPie
University of Caille
Gallente Federation
#55 - 2014-07-18 18:23:28 UTC
Titania Hrothgar wrote:
J'Poll wrote:


2010 character and it took you 4 years that ticking all those boxes that exactly say what acces they grant to be that intrusive.


Fail.


I've played 4 months out of those 4 years. I feel I've no reason to explain my short time of actual gameplay so I won't.

Proof that a background check doesn't tell you everything ;)

Just because a tool is not perfect does not make it useless.

Founder of Violet Squadron, a small gang NPSI community! Mail me for more information.

BeBopAReBop RhubarbPie's Space Mediation Service!
Chainsaw Plankton
FaDoyToy
#56 - 2014-07-19 03:25:48 UTC
Ocih wrote:
Most people do it and don't even think about it. EVE Mon anyone?

For most people the API is not a threat. Just don't become a target in EVE and by target I mean, don't ever amount to anything.


Eve Mon has access to a limited API that has skill info and not much else, hell you can see pretty much all that info on http://eveboard.com/pilot/Chainsaw_plankton

@ChainsawPlankto on twitter
Alavaria Fera
GoonWaffe
#57 - 2014-07-19 03:51:51 UTC
Robert Sawyer wrote:
If your API key falls into the wrong hands (example Goonswarm) you are face-deep in a pile of sh*t.
Always hand your API key with caution!

It's over.

Triggered by: Wars of Sovless Agression, Bending the Knee, Twisting the Knife, Eating Sov Wheaties, Bombless Bombers, Fizzlesov, Interceptor Fleets, Running Away, GhostTime Vuln, Renters, Bombs, Bubbles ?
Previous page123