These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE New Citizens Q&A

 
  • Topic is locked indefinitely.
 

Why are so many new bros horrified to give their api keys?

First post
Author
Previous Topic Next Topic
Sibyyl
Garoun Investment Bank
Gallente Federation
#41 - 2015-05-17 05:33:11 UTC

ergherhdfgh wrote:
One thing for newer players to keep in mind. If you don't want to give any API information in order to join a corp then you don't have to. However what that means is that the only corps that you will be allowed into are ones that do not require APIs. After joining a few of them and then leaving due to constant drama and / or nearly non-stop war decs you might eventually only be looking to join corps that require APIs and do extensive background checks.


One thing that's not mentioned here is that (almost) everything in EVE is negotiable. People can ask you for a lot of things, but it doesn't mean you have to give it to them to get something yourself.

Joffy Aulx-Gao for CSM. Fix links and OGB. Ban stabs from plexes. Fulfill karmic justice.
13kr1d1
Hedion University
Amarr Empire
#42 - 2015-05-17 05:56:30 UTC
Because Alts, like APIs, are just boring extra fluff. We shouldn't be allowed to have any of it. Imagine how it would be for one person to have one character, have that rep follow them around, and no one has access to any other information because of extra paperword vis a vis API.

Suddenly the game is more streamlined for content. People actually play instead of do research on other players all god damn day.

A lot of issues of eve being boring and not newbie friendly stems from a lot of stuff that allows players to do insanely boring things in the name of risk management.

Don't kid yourselves. Even the dirtiest pirates from the birth of EVE have been carebears. They use alts to bring them goods at cheap prices and safely, rather than live with consequences of their in game actions on their main, from concord to prices
13kr1d1
Hedion University
Amarr Empire
#43 - 2015-05-17 05:59:15 UTC
Kirk Ernaga wrote:
March rabbit wrote:
Aralyn Cormallen wrote:
Sniper Smith wrote:
How many people when looking for a job would give over their PW's to social media, banks, etc so someone else can take a look?.


But its not the password you are giving, because that implies they would be able to send messages as you and empty your accounts, which the api does not allow. It is merely the ability to look, and I hate to state the obvious, but most HR departments will look at your social media (people have been fired over ill-adviced Tweets and unfortunate pictures on Facebook), and I wonder how you intend to get paid if you don't give your employer your bank details What? (and that aside, ever had a credit check? Yep, thats an API look at your wallet and assets tab if ever there was one)

My employer has info about exactly 1(!!!) of my bank account. Just to pay me.
And all other info is not their business.

Never done a criminal background check or a credit check for a job?


since having a criminal background is not supposed to be something you can legally use to discriminate in most jobs, probably not.

Don't kid yourselves. Even the dirtiest pirates from the birth of EVE have been carebears. They use alts to bring them goods at cheap prices and safely, rather than live with consequences of their in game actions on their main, from concord to prices
13kr1d1
Hedion University
Amarr Empire
#44 - 2015-05-17 06:03:54 UTC
Tipa Riot wrote:
A corp not willing to trust it's members or not being able to take cautions in-game is not worth joining.


Like others have said, a good spy/corp theft alt will be a paid single account cultivated to get into places and get trust.

Anyone else can work their way up the ranks of trust, either on the ground floor of a ****** low quality corp that will get big later (not a spy/corp theft target), or as a grunt in an already big corp.

If you manage your corp well, you manage risk with losses by restricting access and having a graduating level of trust for people in positions. This common sense approach does not require API. If you lack common sense, API will not help your corp keep out theft.

"Dont fly what you cant afford to lose".

How about "Don't trust to new corp members what you cant afford to lose".

Again, it's about managing and having low levels of risk and acceptable losses.

Much less personal grief than trying to force people to give full API so you can sit there like an idiot looking through it all.

Don't kid yourselves. Even the dirtiest pirates from the birth of EVE have been carebears. They use alts to bring them goods at cheap prices and safely, rather than live with consequences of their in game actions on their main, from concord to prices
Kirk Ernaga
Pandemic Horde Inc.
Pandemic Horde
#45 - 2015-05-17 06:07:39 UTC
13kr1d1 wrote:
Kirk Ernaga wrote:
March rabbit wrote:
Aralyn Cormallen wrote:
Sniper Smith wrote:
How many people when looking for a job would give over their PW's to social media, banks, etc so someone else can take a look?.


But its not the password you are giving, because that implies they would be able to send messages as you and empty your accounts, which the api does not allow. It is merely the ability to look, and I hate to state the obvious, but most HR departments will look at your social media (people have been fired over ill-adviced Tweets and unfortunate pictures on Facebook), and I wonder how you intend to get paid if you don't give your employer your bank details What? (and that aside, ever had a credit check? Yep, thats an API look at your wallet and assets tab if ever there was one)

My employer has info about exactly 1(!!!) of my bank account. Just to pay me.
And all other info is not their business.

Never done a criminal background check or a credit check for a job?


since having a criminal background is not supposed to be something you can legally use to discriminate in most jobs, probably not.

That may be true in your country, but not in mine. I have had several jobs you can not have with a criminal containing certain convictions.
Tipa Riot
Federal Navy Academy
Gallente Federation
#46 - 2015-05-17 08:11:49 UTC
Donnachadh wrote:

The answer is no you cannot expect players that are new to this game to know about the differences between full and limited API keys, much less understand them.

If you are not willing to go to through these steps then as my kids would say "you sir are lazy" and you have no right being a recruiter that deals with new players.

Well, the point is to request full APIs with the sole purpose to monitor your other chars, mails, contacts, wallet transactions, jobs, etc. If we would be talking about strictly limited APIs to verify your in-game identity and skills, this thread would be talking about a non-issue.

I'm my own NPC alt.
Donnachadh
United Allegiance of Undesirables
#47 - 2015-05-17 15:51:29 UTC
BeBopAReBop RhubarbPie wrote:
Donnachadh wrote:
This one always gets me CCP flatly states that you should NEVER give your API key to anyone and yet corp all over EvE demand to have your full API key as part of the application process.

Citation needed.

None needed as it was my error in reading the information on CCP's web site. Apologies to all for the inaccuracy of my statement.

Tipa Riot wrote:
Donnachadh wrote:

The answer is no you cannot expect players that are new to this game to know about the differences between full and limited API keys, much less understand them.

If you are not willing to go to through these steps then as my kids would say "you sir are lazy" and you have no right being a recruiter that deals with new players.

Well, the point is to request full APIs with the sole purpose to monitor your other chars, mails, contacts, wallet transactions, jobs, etc. If we would be talking about strictly limited APIs to verify your in-game identity and skills, this thread would be talking about a non-issue.

If a corp wants an API key I have no trouble with them asking, the player always has the option to refuse and not join.

As is oft the case this topic has lost sight of the original question "why are so many new bros horrified to give their api key".
I am a veteran player and as pointed out by BeBopAReBop above even I did not fully understand the limits of the API key system.
IF a vet player is not fully aware of the API system then it is very likely that "new bros" do not understand it either and that misunderstanding is likely to be the most common factor in a new players refusal to give out API key information.

The letter I mentioned would not take more than 10 to 15 minutes at max to write and once written would only need to be updated on an as needed basis. Sending this letter out prior to or at the same time as the request for API key information serves the applicant, the recruiter and his corp equally. The applicant has been educated on the limits of the API key and so may be less likely to refuse to provide it and the recruiter benefits in that they may have less hassles getting the information they require to process the application. It seems to me that this little bit of extra effort presents a win - win situation for applicant and corp as well as going along way to eliminating the situations that brought about this topic to start with.

And I still stand by my statement. If a recruiter is not willing to make the extra effort to educate applicants on the limits of the API system and why they need/want that information then they are lazy and probably should not be dealing with new player applications to their corp.
13kr1d1
Hedion University
Amarr Empire
#48 - 2015-05-17 17:52:44 UTC
If newbros dont want to deal with the risks and hassles of API, and you 'vets' keep pressuring people for it, then expect to have empty corps.

Don't kid yourselves. Even the dirtiest pirates from the birth of EVE have been carebears. They use alts to bring them goods at cheap prices and safely, rather than live with consequences of their in game actions on their main, from concord to prices
Milla Jjovovich
Never Comeback Airline
#49 - 2015-05-17 19:22:12 UTC
Sniper Smith wrote:
How many people when looking for a job would give over their PW's to social media, banks, etc so someone else can take a look?
That's how many people feel about API's..


some places credit check you for a job, imagine that being credit checked to go get a job to pay debts
Eve Solecist
Shitt Outta Luck - GANKING4GOOD
#50 - 2015-05-17 20:39:04 UTC  |  Edited by: Eve Solecist
BeBopAReBop RhubarbPie wrote:
Eve Solecist wrote:
It does not prevent anything except the most stupidest awoxxers.
A spy would never be caught by a full api key, because then he's just fail.

I ******* hate this fallacy. Yes, good spies will not be caught by api checks. But how many spies do you think are actually good? Just the act of asking for an api keeps some out. Actually checking it will catch some more. Do you really want those people in your corp? Yes, you still have to contend with competent spies, and other security measures can do that, but weeding out the bad ones is immensely helpful.

No.

Sorry for the late reply.
Spies don't emerge out of random people.

First it takes opportunity to make one.
Then it takes the right type of person.


And they know they can do it. Accidential spies emerge out of those ...
... who see the opportunity as a chance, because they can !

The vast majority of people will never even realise an opportunity ...
... or will not do it, because it's theft !

The others are the "notdoingitagain" group of those ...
... who regret it afterwards and give the stuff back ...
... or feel too bad about it to do it.


The API key is useless against new players who did not intentionally plan the theft.
The API key is useless against clean accounts with only one character, which are cheap.
Six bucks for me.

The mail API key forces people to use out of game services ...
... because they have no privacy at all.



Now tell me, honestly ....


How many potential awoxers do you think are out there ?
How many actual awoxers are out there ?


Compare that guess against the number of corporations in existence.

Ridiculous.

The API key is like the lock on a door.
An illusion of security.

Do you honestly believe if everyone removed the locks from the door ...
... robbers will flood the streets, taking everything ?

The one's bothered the most ...
... are those who need it the least.


Edit: That's actually interesting. The good people have to accept a standard
of constant surveillance to protect a few corporations from an illusionary army of awoxers.

Sheesh ...
  • All incoming connection attempts are being blocked. If you want to speak to me you will find me either in Hek local, you can create a contract or make a thread about it in General Discussions. I will call you back. -
Eve Solecist
Shitt Outta Luck - GANKING4GOOD
#51 - 2015-05-17 20:44:02 UTC
Kirk Ernaga wrote:
Sibyyl wrote:

Because I don't trust you to read my mail.


I have no issues against anything else in API.


If your so worried about personal privacy, then why have personal conversations via eve mail where it is all visible under a api instead through pidgin or private conversation?

Your perspective is wrong.

APIcentric. lol

The first mistake is that you don't see the issue with us having to rely on external stuff ...
... to socialise with other players ingame. That's just nuts, tbh. :)

The second is that you ignore how you are limiting us to private conversations ...
... which can't be had when one is logged out. Mails work, though.

Again, the barrier to socialisation.

Why am I locked out of corporations, for having close connections to people ?

That's nuts !
  • All incoming connection attempts are being blocked. If you want to speak to me you will find me either in Hek local, you can create a contract or make a thread about it in General Discussions. I will call you back. -
Josephine Roden
Roden Interstellar Manufacturing
#52 - 2015-05-17 22:03:26 UTC
Well, if the OP feels it's all just silly nonsense then I'm sure he'll be happy to post his full API here on the forums?
13kr1d1
Hedion University
Amarr Empire
#53 - 2015-05-17 22:37:18 UTC
Josephine Roden wrote:
Well, if the OP feels it's all just silly nonsense then I'm sure he'll be happy to post his full API here on the forums?


yes op, give us your API since it means nothing.

Don't kid yourselves. Even the dirtiest pirates from the birth of EVE have been carebears. They use alts to bring them goods at cheap prices and safely, rather than live with consequences of their in game actions on their main, from concord to prices
Lost Greybeard
Drunken Yordles
#54 - 2015-05-17 23:10:13 UTC
NewBros should avoid any corp that asks for a FULL api because whoever's running that corp is incompetent and can't create a coherent info-control policy.

A corporation should be asking for a specific list of things so you can build a limited API key to share with them, usually for a limited time. Any corp that asks for a full one for unlimited time is incompetent (see above) or trying to scam or victimize you in some way.
Amanda Chan
Garoun Investment Bank
Gallente Federation
#55 - 2015-05-18 00:27:50 UTC  |  Edited by: Amanda Chan
Not all of us like big brother looking over our shoulders and giving out a full api key puts you at more risk then you know.

First of all, full api keys does not stop awoxing. A simple killboard check takes care of that. Making friendly fire illegal makes punishing awoxers by losing their ship atleast. it's a deterrent and nothing more.

Wallet checks and market order give you unprecedented look into my finances. Why do you need to know how much isk I have and what/Where I am buying and selling. to prevent theft of Corp assets? My friend have you heard of the trade function? No logs or footprint from taking the item from the hangar to trading with an alt on another account. On the other hand you just provided somebody with the knowledge to wage economic warfare on you Or a clue into your dirty trade secrets.

location and ship? That's already part of the corp ui.

Etc. Etc. Etc.

The ONLY part of the api key that a Corp could justify is skIlls. Knowing what you can fly and if necessary that you are training into what the Corp needs or expects from you. Everything else, I'd love to see a solid point on why it's necessary. And by solid I mean not easily countered by deleting mail, trading items off to another account, etc.
BeBopAReBop RhubarbPie
University of Caille
Gallente Federation
#56 - 2015-05-18 01:02:01 UTC  |  Edited by: BeBopAReBop RhubarbPie
Amanda Chan wrote:
Not all of us like big brother looking over our shoulders and giving out a full api key puts you at more risk then you know.

First of all, full api keys does not stop awoxing. A simple killboard check takes care of that. Making friendly fire illegal makes punishing awoxers by losing their ship atleast. it's a deterrent and nothing more.

Wallet checks and market order give you unprecedented look into my finances. Why do you need to know how much isk I have and what/Where I am buying and selling. to prevent theft of Corp assets? My friend have you heard of the trade function? No logs or footprint from taking the item from the hangar to trading with an alt on another account. On the other hand you just provided somebody with the knowledge to wage economic warfare on you Or a clue into your dirty trade secrets.

location and ship? That's already part of the corp ui.

Etc. Etc. Etc.

The ONLY part of the api key that a Corp could justify is skIlls. Knowing what you can fly and if necessary that you are training into what the Corp needs or expects from you. Everything else, I'd love to see a solid point on why it's necessary. And by solid I mean not easily countered by deleting mail, trading items off to another account, etc.

Isk transactions are use to spot alts. Any new player dealing with large sums of isk is suspect, but even more so if that isk was a direct donation. The same is true of expensive assets. If I have a one to three month old character applying to a corp who has a large stockpile of t2, pirate faction or cruiser+ sized vessels, thats a red flag. If the said character has very few ships but those include catalysts, thoraxes, or gnosis, that's a huge red flag.

Further more, for corps that recruit more experienced players, they may just want to check that the player isn't lying on the application. I honestly don't remember the last time someone asked me for a full api, and I'm at a point in my career where I'm hesitant to give it out, but that doesn't mean I would ever expect a corp to recruit me without it.

I could see some worry about this for capital pilots joining smaller corps, or for incursion/level 4 mission runners with blinged ships, but honestly no one cares that you have a raven in Osmon.

Founder of Violet Squadron, a small gang NPSI community! Mail me for more information.

BeBopAReBop RhubarbPie's Space Mediation Service!
Vortexo VonBrenner
Doomheim
#57 - 2015-05-18 01:27:18 UTC
Kirk Ernaga
Pandemic Horde Inc.
Pandemic Horde
#58 - 2015-05-18 02:01:03 UTC
Amanda Chan wrote:
Not all of us like big brother looking over our shoulders and giving out a full api key puts you at more risk then you know.

First of all, full api keys does not stop awoxing. A simple killboard check takes care of that. Making friendly fire illegal makes punishing awoxers by losing their ship atleast. it's a deterrent and nothing more.

Wallet checks and market order give you unprecedented look into my finances. Why do you need to know how much isk I have and what/Where I am buying and selling. to prevent theft of Corp assets? My friend have you heard of the trade function? No logs or footprint from taking the item from the hangar to trading with an alt on another account. On the other hand you just provided somebody with the knowledge to wage economic warfare on you Or a clue into your dirty trade secrets.

location and ship? That's already part of the corp ui.

Etc. Etc. Etc.

The ONLY part of the api key that a Corp could justify is skIlls. Knowing what you can fly and if necessary that you are training into what the Corp needs or expects from you. Everything else, I'd love to see a solid point on why it's necessary. And by solid I mean not easily countered by deleting mail, trading items off to another account, etc.

Except wallet transactions is the number one thing to check for awoxers. I know of lots of awoxers that would've been recruited except they had suspicious wallet transfers from alts in large alliances.
Vimsy Vortis
Shoulda Checked Local
Break-A-Wish Foundation
#59 - 2015-05-18 02:54:16 UTC  |  Edited by: Vimsy Vortis
I too do not understand why someone wouldn't want to give you access to large quantities of continuously updated private information.

Possibly it is because people aren't interested in having somebody being able to read every mail they ever send? Or perhaps they don't particularly care for people to constantly monitor every market transaction they make?

Even if you don't intend to do those things at all, by asking for a non-expiring API with every box ticked you're asking someone to allow you to do all of those things and to e able to do so indefinitely.

For some inexplicable reason some people actually like privacy. You'd do well to only gather information you actually need.
Avaelica Kuershin
Paper Cats
#60 - 2015-05-18 02:54:56 UTC
BeBopAReBop RhubarbPie wrote:

Isk transactions are use to spot alts. Any new player dealing with large sums of isk is suspect, but even more so if that isk was a direct donation. The same is true of expensive assets. If I have a one to three month old character applying to a corp who has a large stockpile of t2, pirate faction or cruiser+ sized vessels, thats a red flag. If the said character has very few ships but those include catalysts, thoraxes, or gnosis, that's a huge red flag.

I could see some worry about this for capital pilots joining smaller corps, or for incursion/level 4 mission runners with blinged ships, but honestly no one cares that you have a raven in Osmon.


Anomalies in ISK transaction, skill training, assets, implants, jump clones... in a 'new' character would certainly be red flags even without access to mail.

In an experienced character, I can see location of jump clones and combat logs being of interest.

Really, it all depends on what you are looking for when an api is requested.

Trouble is, knowing what are red flags can mean a spy knows what to avoid, and how to how to look innocent.

(My mail would show up some red flags... I'm probably 'unemployable' by now Blink )