These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

A question regarding the privacy of EVE-mail.

First post
Author
Previous Topic Next Topic
Benny Ohu
Royal Amarr Institute
Amarr Empire
#201 - 2015-02-16 15:36:41 UTC
Benny Ohu wrote:
Lucas Kell wrote:
Benny Ohu wrote:
at this point it's acceptable for the service provider to respond to how people might actually be using the service. this can easily be done without disrupting the function of the api
Out of curiosity, how would you do this without disrupting the API?

one-time suppressable info message with a link to api info on the first time eve-mail is opened.

the main issue is the idea that someone other than the recipient can access the mail without the recipient sharing the contents directly, and that it's plausible for an average user to believe that evemail is reasonably secure from third parties (assuming a basic degree of trust between the sender and the service provider)

providing additional info on a game mechanic in this manner i wouldn't usually advocate, but it's also plausible the average user'll mail something personal to a friend or something if they're in the belief that third-party users wouldn't have access. the plausible real-life link is why it's partially on the service provider to ensure as far as is practical that the user is aware of the true functions of the mail service

i don't think anything more than a warning message is practical without causing disruption to others. at least, i can't think of anything vOv

what's practical is a question of how common this 'plausible situation' is

like, if it doesn't happen at all, obviously there's no action that needs to be taken

if it happens all the time (it doesn't), then the function of the api would probably need to be removed

i don't know how to discover how commonly this mistake is made
Lucas Kell
Solitude Trading
S.N.O.T.
#202 - 2015-02-16 15:40:42 UTC
Benny Ohu wrote:
one-time suppressable info message with a link to api info on the first time eve-mail is opened.

the main issue is the idea that someone other than the recipient can access the mail without the recipient sharing the contents directly, and that it's plausible for an average user to believe that evemail is reasonably secure from third parties (assuming a basic degree of trust between the sender and the service provider)

providing additional info on a game mechanic in this manner i wouldn't usually advocate, but it's also plausible the average user'll mail something personal to a friend or something if they're in the belief that third-party users wouldn't have access. the plausible real-life link is why it's partially on the service provider to ensure as far as is practical that the user is aware of the true functions of the mail service

i don't think anything more than a warning message is practical without causing disruption to others. at least, i can't think of anything vOv
That seems reasonable. While I'm of the opinion that people should take a bit of responsibility for themselves, I'm fine with information being presented to a user like this, and if they then choose to ignore it, that's their issue. Probably wouldn't be much work to add in either.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
Lucas Kell
Solitude Trading
S.N.O.T.
#203 - 2015-02-16 15:43:57 UTC
xxxTRUSTxxx wrote:
i get his point.. this is my point..


tim sent personal information to bob (stupid person) who gave access to a third party.

did bob read the API key terms?

maybe,, maybe not,, it's not CCP's fault. don't you think the fault is with Tim and Bob ? lol
yeah, I think the issue is with Tim for sending it and Bob for sharing it, though it's more understandable that Tim wouldn't know as he hasn't set up a key and that's where that info is given out. I like Bennys idea of just giving that notification when you first open you mail however. That to me is a better place to say "hey, anything you send in here may be shared, so don't be a douche and send personal information", as you see it before you send the mail, not just if and when you choose to set up a key.

That said, I don't think it's a particularly large problem and like you say, it's their own faults, so it's more of a "nice to have" than a "need to have" thing.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
Lucas Kell
Solitude Trading
S.N.O.T.
#204 - 2015-02-16 15:44:55 UTC
Jenn aSide wrote:
Upon seeing Lucas Kell agree with me I have discovered that i am wrong (must be if Lucas agrees) and surrender peacefully to Benny Ohu in exchange for protect from commander Save'Em Kell!!!
It's OK, I've been won over by his simple idea for a solution now, so you can go back to hating.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
xxxTRUSTxxx
Galactic Rangers
#205 - 2015-02-16 15:48:29 UTC
Lucas Kell wrote:
xxxTRUSTxxx wrote:
i get his point.. this is my point..


tim sent personal information to bob (stupid person) who gave access to a third party.

did bob read the API key terms?

maybe,, maybe not,, it's not CCP's fault. don't you think the fault is with Tim and Bob ? lol
yeah, I think the issue is with Tim for sending it and Bob for sharing it, though it's more understandable that Tim wouldn't know as he hasn't set up a key and that's where that info is given out. I like Bennys idea of just giving that notification when you first open you mail however. That to me is a better place to say "hey, anything you send in here may be shared, so don't be a douche and send personal information", as you see it before you send the mail, not just if and when you choose to set up a key.

That said, I don't think it's a particularly large problem and like you say, it's their own faults, so it's more of a "nice to have" than a "need to have" thing.



yes i guess it would be nice to have, but i still think most will not read the warning and click accept and tick the do not show again box.
Lucas Kell
Solitude Trading
S.N.O.T.
#206 - 2015-02-16 15:52:07 UTC
xxxTRUSTxxx wrote:
yes i guess it would be nice to have, but i still think most will not read the warning and click accept and tick the do not show again box.
That's fine, if you did that you'd have absolutely no excuse, just like if you jump into lowsec when you're not ready and ignore the warning. I'd definitely be firmly on the "against" side if the suggestion was a mechanics change to limit it, but more info is fine.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
Benny Ohu
Royal Amarr Institute
Amarr Empire
#207 - 2015-02-16 15:53:46 UTC
xxxTRUSTxxx wrote:
yes i guess it would be nice to have, but i still think most will not read the warning and click accept and tick the do not show again box.

at that point i don't give a damn, there's no way this happens commonly enough or severely enough to justify modifying the api function
Jenn aSide
Worthless Carebears
The Initiative.
#208 - 2015-02-16 15:54:37 UTC
Lucas Kell wrote:
Jenn aSide wrote:
Upon seeing Lucas Kell agree with me I have discovered that i am wrong (must be if Lucas agrees) and surrender peacefully to Benny Ohu in exchange for protect from commander Save'Em Kell!!!
It's OK, I've been won over by his simple idea for a solution now, so you can go back to hating.


lol, 'simple solution to something that isn't a problem in the least.

This is why EVE online now has pop ups for every single event Pop ups if you want to destroy a rig, or jettison a can, or jump in to low sec, or even try to undock with a 'mission critical item' not being in your cargo hold (that last one is particularly egregious , NOTHING teaches you to check your cargo like forgetting the mission item you came for and having to back track 6 jumps to get it, now new mission runners don't have to even do that much...).

I'll ask again, why is the idea of expecting (mostly) grown folks to look after their own interests like sunshine on a vampire to some people? EVE used to treat us like adults now it's "prophylactic pop ups and safeties online". I'm surprised I don't get a "don't forget to flush" pop up in the bathroom nowadays.
xxxTRUSTxxx
Galactic Rangers
#209 - 2015-02-16 15:54:59 UTC
Lucas Kell wrote:
xxxTRUSTxxx wrote:
yes i guess it would be nice to have, but i still think most will not read the warning and click accept and tick the do not show again box.
That's fine, if you did that you'd have absolutely no excuse, just like if you jump into lowsec when you're not ready and ignore the warning. I'd definitely be firmly on the "against" side if the suggestion was a mechanics change to limit it, but more info is fine.


agreed
Lucas Kell
Solitude Trading
S.N.O.T.
#210 - 2015-02-16 16:01:42 UTC
Jenn aSide wrote:
lol, 'simple solution to something that isn't a problem in the least.
It's not really a problem, I'd agree, but more info doesn't hurt. It would only show up once too, so meh.

Jenn aSide wrote:
This is why EVE online now has pop ups for every single event Pop ups if you want to destroy a rig, or jettison a can, or jump in to low sec, or even try to undock with a 'mission critical item' not being in your cargo hold (that last one is particularly egregious , NOTHING teaches you to check your cargo like forgetting the mission item you came for and having to back track 6 jumps to get it, now new mission runners don't have to even do that much...).
But that's how EVE works. Pretty much everything is dont by them spitting scraps of info at you and saying "That's how it works, figure out how to use it". It's not like other games where they walk you through basically everything you'll ever do again in the game forever step by step. I have no problem with popups telling you what stuff does and how stuff works.

Jenn aSide wrote:
I'll ask again, why is the idea of expecting (mostly) grown folks to look after their own interests like sunshine on a vampire to some people? EVE used to treat us like adults now it's "prophylactic pop ups and safeties online". I'm surprised I don't get a "don't forget to flush" pop up in the bathroom nowadays.
It's still asking them to look after themselves, it's just moving the information from when you set up the API key to when you send the mail, since it's reasonable to suggest that players who send mails with personal info won't have read the API key page. It's not even adding the info, it really is just copying a snippet of it from the page to the game. I certainly wouldn't want it to be some kind of safety, like an anti-personal-info filter or a change to the API system.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
Jenn aSide
Worthless Carebears
The Initiative.
#211 - 2015-02-16 16:07:47 UTC
Lucas Kell wrote:
But that's how EVE works. Pretty much everything is dont by them spitting scraps of info at you and saying "That's how it works, figure out how to use it". It's not like other games where they walk you through basically everything you'll ever do again in the game forever step by step. I have no problem with popups telling you what stuff does and how stuff works.


You are aware that missions basically tell you how to run themselves now right..

I simply have no sympathy for people who can't burn 1 brain cell in their own defense, whiich is why I asked a stupid question about EVemail 8 years ago instead of just assuming that everything will be ok because "someone is supposed to help me take care of myself".
Lucas Kell
Solitude Trading
S.N.O.T.
#212 - 2015-02-16 16:18:23 UTC
Jenn aSide wrote:
You are aware that missions basically tell you how to run themselves now right..
It's not really much different from how it use to be, other than now you have that on your screen rather than having to open up a window.

Jenn aSide wrote:
I simply have no sympathy for people who can't burn 1 brain cell in their own defense, whiich is why I asked a stupid question about EVemail 8 years ago instead of just assuming that everything will be ok because "someone is supposed to help me take care of myself".
Neither do I, but I don't think it's unreasonable to present people with relevant information early on. You could say the entire tutorial and career system is pointelss too. It wasn't there when I joined, I just had to fly into space and figure out what was what. But that system is very beneficial, as it can teach people the basics so they'll adapt to the game better. Admittedly it needs some work on explaining PvP and piracy, but it gives people a starting point.

As I said before, I'm always happy for more info. If people choose to ignore it, that's their problem, but it should be there for those who want to take the time to read it and try to improve. This particular instance is almost nothing, it's barely a problem at all, but if a viable solution is "give them a quick message to read", I'm all for it.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
Vyl Vit
#213 - 2015-02-16 18:31:34 UTC  |  Edited by: Vyl Vit
Just putting stuff "on the internet"? No such animal. Case in point - secure transactions. A secure transaction is done using the internet, but can't be legally or otherwise considered to be broadcasting your credit card information. There is a right of expectation that the one receiving the information - all verifications of legitimacy being met - will keep the data confidential. Violation of this NOW opens the recipient to legal ramifications. This "putting things on the internet" statement is an -ism that can now take its place beside "the boogyman."

It is understood by all legitimate legal authority there are many types of information which receive various considerations in law, and law expects from professionals specific sorts of treatment for this. The Federal Bureau of Investigation (FBI) in the U.S. is keen on paying visits to people who would challenge this, and U.S. federal sentencing has no plea bargaining for sentence reductions.

Certain transactions have always been circumventable, or open to felonious obstruction. From the time someone could dip a quill into a bottle of ink, forgery was possible, for instance. Law enforcement has always seen itself as responsible for making strides in keeping up with new criminal inventions, and even anticipating potential areas of criminal exploitation whenever possible. The internet is no different. It is not viewed as a wide-open, anything goes environment. I'm not familiar with Europe's approach to this through the EU, but I'd be willing to bet (all YOUR stuff) it's quite similar with Scotland Yard and Interpol. I think Iceland even has police. (Right?)

This is CCP's responsibility, with their legal beagles, the Icelandic Legislature and the legal structure within which EVE can be said to operate under statutory obligation. It is neither a matter for speculation by a playerbase, nor the jurisdiction of armchair legal experts. The framework under which this sort of thing is bound by law to function is established. No amount of our getting on our high horses here and declaring what the superior reality must be has any standing.

The way things like this are tested, if the powers that be refuse to make their own examination of it, is by filing a legal case and forcing the issue in a court of law; probably civil or tort law, but especially with how internet laws intended to protect minors are being written (these days) quite possibly criminal, as well.

I know this won't stop anybody from expounding their mighty pontifications. I just thought I'd MENTION IT.
If you don't like how the LAW is written, vote. Vote early, and often!

Paradise is like where you are right now, only much, much better.
Cara Forelli
State War Academy
Caldari State
#214 - 2015-02-16 19:06:33 UTC
Relevant

Want to talk? Join my channel in game: House Forelli

Titan's Lament
Concord Guy's Cousin
Doomheim
#215 - 2015-02-16 19:27:36 UTC  |  Edited by: Concord Guy's Cousin
Vyl Vit wrote:
Just putting stuff "on the internet"? No such animal. Case in point - secure transactions. A secure transaction is done using the internet, but can't be legally or otherwise considered to be broadcasting your credit card information. There is a right of expectation that the one receiving the information - all verifications of legitimacy being met - will keep the data confidential. Violation of this NOW opens the recipient to legal ramifications. This "putting things on the internet" statement is an -ism that can now take its place beside "the boogyman."

It is understood by all legitimate legal authority there are many types of information which receive various considerations in law, and law expects from professionals specific sorts of treatment for this. The Federal Bureau of Investigation (FBI) in the U.S. is keen on paying visits to people who would challenge this, and U.S. federal sentencing has no plea bargaining for sentence reductions.

Certain transactions have always been circumventable, or open to felonious obstruction. From the time someone could dip a quill into a bottle of ink, forgery was possible, for instance. Law enforcement has always seen itself as responsible for making strides in keeping up with new criminal inventions, and even anticipating potential areas of criminal exploitation whenever possible. The internet is no different. It is not viewed as a wide-open, anything goes environment. I'm not familiar with Europe's approach to this through the EU, but I'd be willing to bet (all YOUR stuff) it's quite similar with Scotland Yard and Interpol. I think Iceland even has police. (Right?)

This is CCP's responsibility, with their legal beagles, the Icelandic Legislature and the legal structure within which EVE can be said to operate under statutory obligation. It is neither a matter for speculation by a playerbase, nor the jurisdiction of armchair legal experts. The framework under which this sort of thing is bound by law to function is established. No amount of our getting on our high horses here and declaring what the superior reality must be has any standing.

The way things like this are tested, if the powers that be refuse to make their own examination of it, is by filing a legal case and forcing the issue in a court of law; probably civil or tort law, but especially with how internet laws intended to protect minors are being written (these days) quite possibly criminal, as well.

I know this won't stop anybody from expounding their mighty pontifications. I just thought I'd MENTION IT.
If you don't like how the LAW is written, vote. Vote early, and often!
You appear to be forgetting that Eve characters are fictional in the sense that they don't exist outside of the Eve universe or its associated media. If we were talking about an actual real life privacy breach then you'd have a point, but we're not, we're talking about fictional characters in a fictional universe where the only physicalities those characters have is as database entries and avatars.

If somebody is daft enough to give out information, that may be used in real life, to others within the Eve universe then that's their lookout.

ISD LackOfFaith ~ "Your Catalyst was a hamster, and your Retriever smelt of elderberries"

NPC Forum Alt, because reasons.
Gully Alex Foyle
The Scope
Gallente Federation
#216 - 2015-02-16 19:34:39 UTC
Cara Forelli wrote:
Relevant
+1, re: that comic, I'm half nihilist, half burrito.

Make space glamorous! Is EVE dying or not? Ask the EVE-O Death-o-meter!
Cara Forelli
State War Academy
Caldari State
#217 - 2015-02-16 19:36:42 UTC
Gully Alex Foyle wrote:
Cara Forelli wrote:
Relevant
+1, re: that comic, I'm half nihilist, half burrito.

Me too! Big smile

Want to talk? Join my channel in game: House Forelli

Titan's Lament
Concord Guy's Cousin
Doomheim
#218 - 2015-02-16 19:37:34 UTC
Gully Alex Foyle wrote:
Cara Forelli wrote:
Relevant
+1, re: that comic, I'm half nihilist, half burrito.
Is a burrito like a kebab, only edible when you're mashed?

ISD LackOfFaith ~ "Your Catalyst was a hamster, and your Retriever smelt of elderberries"

NPC Forum Alt, because reasons.
Paranoid Loyd
#219 - 2015-02-16 19:39:11 UTC
Cara Forelli wrote:
Relevant

Now I want a burrito and I don't have one. Sad

"There is only one authority in this game, and that my friend is violence. The supreme authority upon which all other authority is derived." ISD Max Trix

Fix the Prospect!
Orlacc
#220 - 2015-02-16 19:42:06 UTC
Vyl Vit wrote:
Just putting stuff "on the internet"? No such animal. Case in point - secure transactions. A secure transaction is done using the internet, but can't be legally or otherwise considered to be broadcasting your credit card information. There is a right of expectation that the one receiving the information - all verifications of legitimacy being met - will keep the data confidential. Violation of this NOW opens the recipient to legal ramifications. This "putting things on the internet" statement is an -ism that can now take its place beside "the boogyman."

It is understood by all legitimate legal authority there are many types of information which receive various considerations in law, and law expects from professionals specific sorts of treatment for this. The Federal Bureau of Investigation (FBI) in the U.S. is keen on paying visits to people who would challenge this, and U.S. federal sentencing has no plea bargaining for sentence reductions.

Certain transactions have always been circumventable, or open to felonious obstruction. From the time someone could dip a quill into a bottle of ink, forgery was possible, for instance. Law enforcement has always seen itself as responsible for making strides in keeping up with new criminal inventions, and even anticipating potential areas of criminal exploitation whenever possible. The internet is no different. It is not viewed as a wide-open, anything goes environment. I'm not familiar with Europe's approach to this through the EU, but I'd be willing to bet (all YOUR stuff) it's quite similar with Scotland Yard and Interpol. I think Iceland even has police. (Right?)

This is CCP's responsibility, with their legal beagles, the Icelandic Legislature and the legal structure within which EVE can be said to operate under statutory obligation. It is neither a matter for speculation by a playerbase, nor the jurisdiction of armchair legal experts. The framework under which this sort of thing is bound by law to function is established. No amount of our getting on our high horses here and declaring what the superior reality must be has any standing.

The way things like this are tested, if the powers that be refuse to make their own examination of it, is by filing a legal case and forcing the issue in a court of law; probably civil or tort law, but especially with how internet laws intended to protect minors are being written (these days) quite possibly criminal, as well.

I know this won't stop anybody from expounding their mighty pontifications. I just thought I'd MENTION IT.
If you don't like how the LAW is written, vote. Vote early, and often!



As I mentioned earlier, my armchair friend, read the EULA. You own nothing in the game. Just like the states where emails sent through a company's system using a company address are owned by the company, not you. Common sense folks, common sense.

"Measure Twice, Cut Once."