These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE New Citizens Q&A

 
  • Topic is locked indefinitely.
12Next page
 

Giving out the Full API - what's the worst that could happen?
Author
Previous Topic Next Topic
Cattegirn
Imperial Guardians
Tactical Narcotics Team
#1 - 2014-10-14 23:38:10 UTC
I've been asked a couple times for a full API. Assuming I'm not a secret agent and have no hidden Titan, what's the worst that can happen to me if it ends up in the wrong hands?
Brink Albosa
Republic Military School
Minmatar Republic
#2 - 2014-10-14 23:43:30 UTC
Cattegirn wrote:
I've been asked a couple times for a full API. Assuming I'm not a secret agent and have no hidden Titan, what's the worst that can happen to me if it ends up in the wrong hands?


Nothing.

They can read your mail, see your assets, wallet history for 3 months.

If it fell into the wrong hands? Can always delete the key.
Derrick Miles
Death Rabbit Ky Oneida
#3 - 2014-10-15 00:45:06 UTC
The API only provides your personal information, specifically the stuff listed on this page.
BB Avalos
Multiplex Gaming
Tactical Narcotics Team
#4 - 2014-10-15 03:23:01 UTC
OP -

You might get EVE-bola sharing your API with other space rangers.

Seriously. The main points were just made. Share your API, if you make the corp keep the key or get rejected, change the key.

API is basically a lock box that has all your EVE info, ISK, Items etc. or how ever you set it Full API or not.
Ralph King-Griffin
New Eden Tech Support
#5 - 2014-10-15 07:33:19 UTC
It is standard practice to ask for one if the Corp has anything worth sstealing.

Murderers of Negotiable Motivations

=]|[=
Drago Shouna
Doomheim
#6 - 2014-10-15 08:11:32 UTC
If you want someone to know about everything you own, how much you are earning, who you are talking to, what industry you do etc, etc, etc then give it out.

If however, like a lot of players you're of the opinion that it's got sod all to do with them, then don't.

I personally have never been asked for an api, maybe I have just been lucky and avoided the paranoid ceo's, if I had been asked? It would have been a resounding no.

There was a thread a few weeks ago of a similar nature, in it a guy was apparently refused a ship from the corp ship replacement plan because they checked his api and decided he could afford his own, so beware....

Solecist Project...." They refuse to play by the rules and laws of the game and use it as excuse ..." " They don't care about how you play as long as they get to play how they want."

Welcome to EVE.
Luwc
State War Academy
Caldari State
#7 - 2014-10-15 08:12:41 UTC
you forget to delete it.
become a capital FC
and BL or PL is gonna **** your **** up

http://hugelolcdn.com/i/267520.gif
Ka'Narlist
Dreddit
Test Alliance Please Ignore
#8 - 2014-10-15 08:18:03 UTC
Cattegirn wrote:
what's the worst that can happen to me if it ends up in the wrong hands?

Someone watching over your shoulder with every step you do in the game
erg cz
Federal Jegerouns
#9 - 2014-10-15 08:48:36 UTC
Ka'Narlist wrote:

Someone watching over your shoulder with every step you do in the game


Also happily married... Yes, I know that feeling.

Absolutely free head start for newcomers!. Just click the link and get extra 250 000 SP!
Gregor Parud
Imperial Academy
#10 - 2014-10-15 10:57:07 UTC  |  Edited by: Gregor Parud
Cattegirn wrote:
I've been asked a couple times for a full API. Assuming I'm not a secret agent and have no hidden Titan, what's the worst that can happen to me if it ends up in the wrong hands?


Read your mails, know your friends, alts and people you're connected with. know if and where you're producing stuff so they can find and target POS you use. Lets say you join corp A and give them full API, then you realise they're a bunch of cunts so you leave and join some other corp which you actually like. Through your API that first corp can now learn a lot about your new corp and can choose to use than info against them and yourself.

This is how the majority of "spying" happens; ppl are too willing to give out their API keys and too lazy to delete/change them afterwards. You're not going to catch a good spy with API and the bad spies won't be a problem, it's just a means to control and spy on members. The whole "so we can see what skills you have" is in the majority of cases a non-reason.


So, any non-super organised/high profile corp that asks for your API first, tell them that you're fine in doing so if they first give their own API to you. They'll reply with "lol no" and then you reply with "exactly".
Jean Luc Lemmont
Carebears on Fire
#11 - 2014-10-15 15:01:43 UTC
What it boils down to is this:

You choose who to give any given key to.
You can delete any key at any time.
If you don't want someone to have a key, refuse to give it to them, with the fore knowledge that you may be refused a position in their corp or kicked from the corp/corp accessories (forums, etc).

Will I get banned for boxing!?!?!

This thread has degenerated to the point it's become like two bald men fighting over a comb. -- Doc Fury

It's bonuses, not boni, you cretins.
Cara Forelli
State War Academy
Caldari State
#12 - 2014-10-15 17:13:35 UTC  |  Edited by: Cara Forelli
Make a SEPARATE key for each use and give it a descriptive name. "EFT key", "Green Skull application key" etc. Then if your application doesn't go through, delete it immediately.

Drago Shouna wrote:
There was a thread a few weeks ago of a similar nature, in it a guy was apparently refused a ship from the corp ship replacement plan because they checked his api and decided he could afford his own, so beware....

That was more the result of a terrible corp with terrible leadership than the fault of API keys. In my opinion giving out your API for recruitment is no big deal, and if it is a big deal then you probably have something to hide. Unless you are joining a group that is already planning on scamming you, no one cares how much money you have or where your industry jobs are. And if they do then you've already made a mistake with your selection.

I once knew a guy that refused to use the static mapper website to check wormhole classifications because it was able to determine what system he was in and display info for it. He was convinced that someone would find and kill his worthless hacking frigate because it knew his location. It's good to be paranoid in EVE but try to keep your self-importance in perspective. In most cases, no one really cares about you.

Want to talk? Join my channel in game: House Forelli

Titan's Lament
Baneken
Arctic Light Inc.
Arctic Light
#13 - 2014-10-15 20:05:27 UTC
Gregor Parud wrote:

So, any non-super organised/high profile corp that asks for your API first, tell them that you're fine in doing so if they first give their own API to you. They'll reply with "lol no" and then you reply with "exactly".


Which is the point of asking that API in the first place, if you aren't willing to show commitment by at least giving the corp your full API then why should they let you in ?

Anyway you can also check from access logs on who is querying your API as they are sorted by IP adress.
Cattegirn
Imperial Guardians
Tactical Narcotics Team
#14 - 2014-10-15 20:48:09 UTC  |  Edited by: Cattegirn
How far back (and is it weeks, months, years) your mails and trades are stored in the API? If it's not stored how on earth do you catch a spy when they can just delete the evidence first?

A lot of data is available on what gets given out - what I'm mostly interested in understanding is not what goes out there but what a clever player with hostile intent can DO with that information.

Thanks.
Cattegirn
Imperial Guardians
Tactical Narcotics Team
#15 - 2014-10-15 21:08:04 UTC
Also did not see tacticals (bookmarks, in-space places you've saved, for newer folks) on the list. Are they compromised by a full api disclosure or kept secret?

That's the biggest one for me (as far as I know - lol) Having all your safespots known would be bad.
Gregor Parud
Imperial Academy
#16 - 2014-10-15 21:39:15 UTC
Baneken wrote:
Gregor Parud wrote:

So, any non-super organised/high profile corp that asks for your API first, tell them that you're fine in doing so if they first give their own API to you. They'll reply with "lol no" and then you reply with "exactly".


Which is the point of asking that API in the first place, if you aren't willing to show commitment by at least giving the corp your full API then why should they let you in ?

Anyway you can also check from access logs on who is querying your API as they are sorted by IP adress.


Why show commitment to a group you don't know yet and a recruiter you can't trust yet. By that same logic said recruiter can show his commitment by giving out his own API.
Cara Forelli
State War Academy
Caldari State
#17 - 2014-10-15 21:39:38 UTC
Cattegirn wrote:
If it's not stored how on earth do you catch a spy when they can just delete the evidence first?

-Bad spies are caught immediately.

-Moderately good spies are caught because you find enough discrepancies in their API that they can't explain (so you are a new player but you have 2 billion isk? Why were you in these three corps for two days each? If you claim to be a miner, why do you have mostly combat skills? So you were a member of a rival bloc? So you were a recently member of another wormhole corp? etc.)

-Good spies are not caught.

The last one is the bread-and-butter excuse of anti-API people. "Well you aren't gonna catch a good spy anyway". However, as someone who has actually been a part of recruitment, I can attest that many people fall into the first two categories and APIs do serve a purpose as a basic safeguard. Obviously the size and rate of recruitment of the group make a big difference to the importance as well. Some corps are invite-only for trusted parties and APIs are largely useless. Others drop their ads in local and accept anyone.

APIs don't give away safe spots.

Want to talk? Join my channel in game: House Forelli

Titan's Lament
Elsa Hayes
Science and Trade Institute
Caldari State
#18 - 2014-10-15 21:59:19 UTC
It´s quite simple when asked for a full none expiring API key demand the same from the CEO I mean they could just recruit you to blow you up so for your own "safety" demand the same from the CEO and all directors. If they agree, fine no one has anything to hide, if they don´t move on.

Cara Forelli
State War Academy
Caldari State
#19 - 2014-10-15 22:33:26 UTC
Elsa Hayes wrote:
It´s quite simple when asked for a full none expiring API key demand the same from the CEO I mean they could just recruit you to blow you up so for your own "safety" demand the same from the CEO and all directors. If they agree, fine no one has anything to hide, if they don´t move on.

Such a ridiculous argument.

They have an entire corporation to protect. CEOs and directors are some of the few people that actually have sensitive intel in their APIs that should most definitely not be public knowledge, for the protection of their own members' interests. Giving it out to anyone that feigns interest in the corp would be absurd.

What you suggest would be like going to a job interview and demanding the HR person's social security number and birth date. Ludicrous right?


Everyone can make their own decision, whether or not they want to give out their API key. Some people have pretty legitimate concerns. For example, station traders may not want their trade secrets getting out. The catch is, no one HAS to let you in to their corp. So ask yourself. Is your information so important that you'd rather play by yourself, or with a group that has minimal security for their members? Maybe the answer is yes. For most, it's no.

Elsa Hayes wrote:
I mean they could just recruit you to blow you up

They don't need an API for that and likewise you don't need their API. Just check public killboards to see if they kill corp members. Stop rumor-mongering please.

Want to talk? Join my channel in game: House Forelli

Titan's Lament
Max Deveron
Deveron Shipyards and Technology
Citizen's Star Republic
#20 - 2014-10-15 22:34:30 UTC
API's have a lot to do with initial groundwork background checks. Even i ask for a full API from strangers that i have no previous contact with. When we recruited openly in my corp...it took us a minimum of a week to decide on accepting someone or not...in that time we kept potential recruits in a chat channel meant for them. After recruitment we were alright with not having a full api but required a different API that never expired so if things went amiss in corp hangars for example we could run an investigation .
Otherwise we only required API check for specific things of a member if suspicions were raised and we needed to see mails, contacts, or wallet transactions.
12Next page