These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE New Citizens Q&A

 
  • Topic is locked indefinitely.
 

Why are so many new bros horrified to give their api keys?

First post
Author
Previous Topic Next Topic
Tipa Riot
Federal Navy Academy
Gallente Federation
#21 - 2015-05-16 21:07:40 UTC  |  Edited by: Tipa Riot
A corp not willing to trust its members or not being able to take cautions in-game is not worth joining.

I'm my own NPC alt.
Kirk Ernaga
Pandemic Horde Inc.
Pandemic Horde
#22 - 2015-05-16 21:26:12 UTC
ergherhdfgh wrote:
The simple fact of the matter is that just asking for an API key keep the majority of problem causers from even applying to your corp. Actually doing a decent API check will keep out the overwhelming majority of people that intend to cause drama. Sure nothing is 100% but API checks are extremely effective.

Yes you will miss out on some potential good recruits but back when we used to do open recruitments we would get war deced every single time that we did some recruiting, even if we only gain 2 or 3 new members. Ever since we started doing API checks that just does not happen anymore.

Worth noting is that some corps are in alliances and some alliances are in coalitions that require API checks of new recruits to minimize awoxer caused political headaches.

I agree that is a pretty poor game mechanic that pretty much requires this level of security and background checks in a game but CCP did advertise the living hell out of awoxer / corp theft / general asshattery as play style for a lot of years. It is a gameplay style that has been carefully cultivated.

It is true that corps don't have to do API checks and that players don't need to give them out. However I don't think anyone can deny that they are extremely effective and pretty much needed in this game. I am willing to bet that the only people that understand the game and would say otherwise are the loner pirate types that the API checks are looking to avoid.

This kind of reflects my personal view. Just because some terrorist get a bomb on a plane doesnt mean you get rid of airport security.
Logan Revelore
Symbiotic Systems
#23 - 2015-05-16 21:30:59 UTC
I guess the noobs are waking up?
Aralyn Cormallen
Deep Core Mining Inc.
Caldari State
#24 - 2015-05-16 21:51:19 UTC
Mr Epeen wrote:
Aralyn Cormallen wrote:
Sniper Smith wrote:
How many people when looking for a job would give over their PW's to social media, banks, etc so someone else can take a look?.


But its not the password you are giving, because that implies they would be able to send messages as you and empty your accounts, which the api does not allow. It is merely the ability to look, and I hate to state the obvious, but most HR departments will look at your social media (people have been fired over ill-adviced Tweets and unfortunate pictures on Facebook), and I wonder how you intend to get paid if you don't give your employer your bank details What? (and that aside, ever had a credit check? Yep, thats an API look at your wallet and assets tab if ever there was one)

Don't compare real life to a game.

Why did you make that reply to me? I was merely responding to Snipers flawed analogy, surely it is her you should have taken issue with for making the comparison. Unless you chose to take the shot at me since my view ran contrary to your own while Snipers supported it?
March rabbit
Aliastra
Gallente Federation
#25 - 2015-05-16 21:56:29 UTC
Aralyn Cormallen wrote:
Sniper Smith wrote:
How many people when looking for a job would give over their PW's to social media, banks, etc so someone else can take a look?.


But its not the password you are giving, because that implies they would be able to send messages as you and empty your accounts, which the api does not allow. It is merely the ability to look, and I hate to state the obvious, but most HR departments will look at your social media (people have been fired over ill-adviced Tweets and unfortunate pictures on Facebook), and I wonder how you intend to get paid if you don't give your employer your bank details What? (and that aside, ever had a credit check? Yep, thats an API look at your wallet and assets tab if ever there was one)

My employer has info about exactly 1(!!!) of my bank account. Just to pay me.
And all other info is not their business.

The Mittani: "the inappropriate drunked joke"
Kirk Ernaga
Pandemic Horde Inc.
Pandemic Horde
#26 - 2015-05-16 22:07:04 UTC
March rabbit wrote:
Aralyn Cormallen wrote:
Sniper Smith wrote:
How many people when looking for a job would give over their PW's to social media, banks, etc so someone else can take a look?.


But its not the password you are giving, because that implies they would be able to send messages as you and empty your accounts, which the api does not allow. It is merely the ability to look, and I hate to state the obvious, but most HR departments will look at your social media (people have been fired over ill-adviced Tweets and unfortunate pictures on Facebook), and I wonder how you intend to get paid if you don't give your employer your bank details What? (and that aside, ever had a credit check? Yep, thats an API look at your wallet and assets tab if ever there was one)

My employer has info about exactly 1(!!!) of my bank account. Just to pay me.
And all other info is not their business.

Never done a criminal background check or a credit check for a job?
Kirk Ernaga
Pandemic Horde Inc.
Pandemic Horde
#27 - 2015-05-16 22:08:38 UTC
Jack Morrison wrote:
When i recruited i never asked guys (or the ladies) fo the mails in the full api, as even the laziest spy can delete all mail history in seconds.
Use a link to ask for apis - it doesn't get more convenient:

https://support.eveonline.com/api/Key/CreatePredefined/268431871

If they can't be bothered to do that, well - then you can't be bothered with the invite to corp button :)

Thanks for the link jack.
ergherhdfgh
Imperial Academy
Amarr Empire
#28 - 2015-05-16 22:12:47 UTC
March rabbit wrote:

My employer has info about exactly 1(!!!) of my bank account. Just to pay me.
And all other info is not their business.

I think what you meant to say is that you only gave your employer info on one of your bank accounts. Many employers do credit checks on perspective employees and some do background checks. I know with in my job some of my customers have run department of homeland security and FBI background checks on me just to let me onto their jobsites. I also once had to do all the above plus an 800 question personality assessment profile "test". Not to mention the bodily fluids that I've had to give up for testing. And I"m just a trade'sman. I don't even have any type of high security job or anything.

Morgan Spurlock has a new show I think it's called "Inside Man" or something like that. He did an episode where he hired a detective to see how much information the detective could get on him from the companies that log that stuff. It blew my mind at how much stuff the guy came back with.

I would say that the average person does not have a clue how much that their employer knows about them. And if you work for the CIA or NSA or are some other type of military based government employee then you have had to basically give them permission to go fish around inside your head for stuff to get the job. I'm not saying that makes it ok or that we should all accept it. I'm very much against this type of invasion of privacy. However I just wanted to point out that I doubt most of use know what our employers know about us.

Want to talk? Join Cara's channel in game: House Forelli
Avaelica Kuershin
Paper Cats
#29 - 2015-05-16 22:16:34 UTC
Who do you trust more, someone who asks for a full api or someone who asks for a limited (though extensive) api.
Sometimes it's a matter of trusting the recruiter knows what they are doing with the information.
Kirk Ernaga
Pandemic Horde Inc.
Pandemic Horde
#30 - 2015-05-16 22:19:55 UTC
Avaelica Kuershin wrote:
Who do you trust more, someone who asks for a full api or someone who asks for a limited (though extensive) api.
Sometimes it's a matter of trusting the recruiter knows what they are doing with the information.

Someone that asks for the full api. That way I can be assured that the corp is doing thorough checks and I wont have ti deal with as many griefers or just plain drama. As a recruiter though I also check the forums and evewho as well.
Sibyyl
Garoun Investment Bank
Gallente Federation
#31 - 2015-05-16 22:23:24 UTC

Kirk Ernaga wrote:

If your so worried about personal privacy, then why have personal conversations via eve mail where it is all visible under a api instead through pidgin or private conversation?


I'm not worried about it. I choose to have these conversations in mail, and I also don't think an unregulated third party should have access to it. It's as simple as that.

I'm not sure why you think I should change my behavior to accommodate someone who gains no security advantage by snooping around in my mail. I think it should be the other way around: the recruiter should accommodate my polite request not to include mail in API.

Blink

Joffy Aulx-Gao for CSM. Fix links and OGB. Ban stabs from plexes. Fulfill karmic justice.
Erica Dusette
Division 13
#32 - 2015-05-16 22:28:37 UTC
Sibyyl wrote:

Kirk Ernaga wrote:

If your so worried about personal privacy, then why have personal conversations via eve mail where it is all visible under a api instead through pidgin or private conversation?


I'm not worried about it. I choose to have these conversations in mail, and I also don't think an unregulated third party should have access to it. It's as simple as that.

I'm not sure why you think I should change my behavior to accommodate someone who gains no security advantage by snooping around in my mail. I think it should be the other way around: the recruiter should accommodate my polite request not to include mail in API.

Blink


Agreed, couldn't have said it better tbh.

As for the OP's original title/question, I think why so many new players may find it daunting is because giving access to such info really is unprecedented compared to most other games out there. I don't give out a mail API when I join any corporations and personally would like to see mail API access removed from the game altogether.

If a group or individual is so paranoid they need to read my mails to feel comfy with me flying beside them then they're not the kind of people I want to play this game with.

Jack Miton > you be nice or you're sleeping on the couch again!

Part-Time Wormhole Pirate Full-Time Supermodel

worмнole dιary + cнaracтer вιoѕвσss
Borat Guereen
Doomheim
#33 - 2015-05-16 22:35:47 UTC
The consequences of giving your API applies to corp you want to join as well as third party developpers tool. There is no guarantee in both cases about how other players will handle your APi data that you install on their software or that you give to their corp/alliance.

Remember that in Eve everyone can be Doctor Jekyll and Mr Hyde at the same time via different alts.
One may offer nice and useful service under a facade in exchange for your API, and then launder the data to their benefit in the back.

I am sure NSA would love if we had APIs in real life and that we would give it to them without any control or oversight.

At Chao3, we do not require API.
Find groups like us that have found ways to enjoy the game without requiring you to give APIs.



Candidate for CSM XII
Violet Hurst
Fedaya Recon
#34 - 2015-05-16 22:40:39 UTC
Kirk Ernaga wrote:
Avaelica Kuershin wrote:
Who do you trust more, someone who asks for a full api or someone who asks for a limited (though extensive) api.
Sometimes it's a matter of trusting the recruiter knows what they are doing with the information.

Someone that asks for the full api. That way I can be assured that the corp is doing thorough checks and I wont have ti deal with as many griefers or just plain drama. As a recruiter though I also check the forums and evewho as well.

Yes, because somebody who couldn't even be bothered to create a custom API key is bound to know what to do with its different parts. I'm sure hundreds of potential awoxers have been averted by checking their science and industry jobs beforehand.
Seriously, if someone has a fetish for rummaging through girls' underwear drawers that's okay. But asking corp applicants for free access is kinda cheap.
Donnachadh
United Allegiance of Undesirables
#35 - 2015-05-17 01:14:06 UTC
This one always gets me CCP flatly states that you should NEVER give your API key to anyone and yet corp all over EvE demand to have your full API key as part of the application process.

Might I suggest that you create a document that explains the differences between the full API key that you have no right to and should never be asking for and the limited API key that was created specifically for these types of situations. In this document you should provide links to websites (official CCP is best) that explain the differences so these new players are reassured that they are not giving you access to information you have no right to even ask for. Once you have taken the time to educate them on this important issue then make damned sure that your request is for the limited API key not the full API key.

The answer is no you cannot expect players that are new to this game to know about the differences between full and limited API keys, much less understand them.

If you are not willing to go to through these steps then as my kids would say "you sir are lazy" and you have no right being a recruiter that deals with new players.
ergherhdfgh
Imperial Academy
Amarr Empire
#36 - 2015-05-17 01:34:32 UTC
One thing for newer players to keep in mind. If you don't want to give any API information in order to join a corp then you don't have to. However what that means is that the only corps that you will be allowed into are ones that do not require APIs. After joining a few of them and then leaving due to constant drama and / or nearly non-stop war decs you might eventually only be looking to join corps that require APIs and do extensive background checks.

Also like many others have pointed out, on your account management webpage there is a section for API management and if you go in there and take a look you will see you can create various different APIs with various levels of access. It is probably worth your while to browse around in there if you are not already familiar with it. After that some of this stuff might make more sense.

Want to talk? Join Cara's channel in game: House Forelli
BeBopAReBop RhubarbPie
University of Caille
Gallente Federation
#37 - 2015-05-17 04:05:25 UTC
Donnachadh wrote:
This one always gets me CCP flatly states that you should NEVER give your API key to anyone and yet corp all over EvE demand to have your full API key as part of the application process.

Citation needed.

Founder of Violet Squadron, a small gang NPSI community! Mail me for more information.

BeBopAReBop RhubarbPie's Space Mediation Service!
Kirk Ernaga
Pandemic Horde Inc.
Pandemic Horde
#38 - 2015-05-17 04:28:02 UTC
Violet Hurst wrote:
Kirk Ernaga wrote:
Avaelica Kuershin wrote:
Who do you trust more, someone who asks for a full api or someone who asks for a limited (though extensive) api.
Sometimes it's a matter of trusting the recruiter knows what they are doing with the information.

Someone that asks for the full api. That way I can be assured that the corp is doing thorough checks and I wont have ti deal with as many griefers or just plain drama. As a recruiter though I also check the forums and evewho as well.

Yes, because somebody who couldn't even be bothered to create a custom API key is bound to know what to do with its different parts. I'm sure hundreds of potential awoxers have been averted by checking their science and industry jobs beforehand.
Seriously, if someone has a fetish for rummaging through girls' underwear drawers that's okay. But asking corp applicants for free access is kinda cheap.

You obviously haven't recruited or dealt with awoxers before as **** like that is exactly what gets them caught.
Sabriz Adoudel
Move along there is nothing here
#39 - 2015-05-17 04:30:22 UTC
Aralyn Cormallen wrote:
Ignoring most of the answers above as they are answering "why are experienced players not willing to give their api" Blink (discounting those who have personal reasons for resisting the intrusion an api check causes, whether justified or not, thats each persons own decision to make, but they are personal, and not likely to be the common reason)

In most cases, ignorance. At first glance for a new player, they will assume the api is the equivilent of handing you their login details, and will react as if that is what you asked. You have to remember that few (in fact, probably no) other games has a function like this, so they'll assume the worst.This can mostly be averted by leading them in to the request slowly, and making sure they get to read CCP's very clear "what is an api" page (EDIT - "was" very clear, I can't find it to link it now, so welp). Sure, some will still be averse to the request even then, but that can't be helped (and odds are, they are the guys with the least secure facebook pages you'll find). But by explaining what an api is, you'll likely avert the initial gut reaction to flee screaming because they think you are trying to hack them.



This is exactly correct.

What other game allows you to offer read-only access to your account to someone?



As for the stupid "API checks only catch bad spies" comments - they make infiltrating your organization more effort than infiltrating a different one. You don't have to be the fastest deer in the herd to live, you just need to not be the slowest.

I support the New Order and CODE. alliance. www.minerbumping.com
Sabriz Adoudel
Move along there is nothing here
#40 - 2015-05-17 04:35:45 UTC
Avaelica Kuershin wrote:
Who do you trust more, someone who asks for a full api or someone who asks for a limited (though extensive) api.
Sometimes it's a matter of trusting the recruiter knows what they are doing with the information.



Someone that asks for a limited API demonstrates (if they have the right stuff in their API) that they are a competent recruiter.

Full API demonstrates that they are diligent (but diligence without competence is possible).

I know what I look for if I suspect a spai.

I support the New Order and CODE. alliance. www.minerbumping.com