These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
Previous page123Next page
 

API keys, why the paranoia?
Author
Previous Topic Next Topic
Ursula LeGuinn
Perkone
Caldari State
#21 - 2012-01-10 12:47:35 UTC  |  Edited by: Ursula LeGuinn
Florestan Bronstein wrote:
***a whole bunch of stuff***


That's some pretty impressive spycraft you outlined right there.

"The EVE forums are intended to provide a warm, friendly atmosphere for the EVE community." — EVElopedia
Florestan Bronstein
Ministry of War
Amarr Empire
#22 - 2012-01-10 12:54:05 UTC  |  Edited by: Florestan Bronstein
Ursula LeGuinn wrote:
Florestan Bronstein wrote:
***a whole bunch of stuff***


That's some pretty impressive spycraft you outlined right there.

http://jdel.eu/pandemic/forums/forum-123-.html

check the Phantom Works subsection.
Ursula LeGuinn
Perkone
Caldari State
#23 - 2012-01-10 13:03:08 UTC  |  Edited by: Ursula LeGuinn
Florestan Bronstein wrote:
Ursula LeGuinn wrote:
Florestan Bronstein wrote:
***a whole bunch of stuff***


That's some pretty impressive spycraft you outlined right there.

http://jdel.eu/pandemic/forums/forum-123-.html

check the Phantom Works subsection.


On the one hand, I love the fact that EVE creates these layers of secrecy, paranoia and shady activity, although I'm sure it annoys people who'd rather not deal with it at all.

It's too bad so much of it is necessarily meta-game, though.

"The EVE forums are intended to provide a warm, friendly atmosphere for the EVE community." — EVElopedia
Mr Kidd
Center for Advanced Studies
Gallente Federation
#24 - 2012-01-10 14:14:02 UTC  |  Edited by: Mr Kidd
Full API access is invasion of one's in-game privacy. The idea that the CEO is going to conduct or pay someone to conduct an investigation utilizing all that information is ludicrous, especially for every member of the corp. In order to do such an investigation you're talking about looking at all facets of information in that API for patterns in activities that indicate such, investigating possibly hundreds of contacts, emails, contract histories, trades, etc, etc times 3 for all the characters on the account. You're literally talking about hours of RL work for each member, especially the older ones.

I believe, the full API has become a "test" of loyalty more than a spy detector. It's a shame, really. Any spy worth his salt is going to make sure that the character being used to infiltrate your corp has no such linkages to nefarious activities. Not all spies infiltrate with intent to do conspicuous damage. The good spy never has to use his spying account to relay information or accept isk transfers or do anything that would say "I'ma spy!". So, API as a spy detector....yeah, works.....only for the spies bad at being spies.

Asking for your member's full api is like using a mallet to whomp everyone in your corp over the head and then whoever is still standing afterwards, while maybe not too smart, is who is in your corp. IDK. There is a time and place to ask for full API, like when deciding on making someone a director or giving other sensitive roles but, not for every warm body.

Don't ban me, bro!
Buruk Utama
Science and Trade Institute
Caldari State
#25 - 2012-01-10 15:02:31 UTC  |  Edited by: Buruk Utama
I regularly purchase characters out of eve forums as it is a great business venture and also fun to use/learn the different play styles. Never had an issue placing the pilots in various corps when I wanted to have fun with them as I'm normally upfront about the pilot and its acquisition history. However, in my experience, the corps that want the most API are usually headed up by little mini-dictators who are paranoid as any RL dictator.

Demanding full API because of "spy" is extremely paranoid and speaks volumes about your leadership. Since the next progression will be to place new members on "probation" where you will "watch" them and what they do. Any little off-colored action will be solemnly marked down as characteristic of a spy and you may be booted without warning or directly accused. If directly accused, and you deny, you are spy; if you admit, you are spy.

Basically, once the CEO becomes paranoid that spies are out to ruin his mini-empire the game is over for him as he will spend more of his time trying to ferret out these ghost and probably erect a wall around him that prevents real meaningful relationship creation. The flip side to this, a good spy will cause the CEO to rampage down this path and will be the CEO's best friend up until the end...so was he justifiably paranoid?

If you can't trust your corp members then you are in the wrong corp. Just keep your super secret assets to yourself and if you lose a fight due to spy oh well, these are only space pixels.

Edit: The good spies will create separate personas for the character they place; complete with back story of their RL issues/education/family, etc. Most spies will get what they need upon joining from the channels, alliance website, corporate bulletins as so much information is posted there. Really dedicated spies are there to either rank up and affect leadership or steal stuff.
Gerald Taric
NEO DYNAMICS
#26 - 2012-01-10 15:15:02 UTC
Whenever i will be asked for an API key with certain priviledges, i will ask back, for which purposes he/she belives to need it.

If he/she is able to convince me about the common advantage, i may create an adapted, limited key for him/her.

Full API key access - and thus access to ingame mail and notifications - is definitelly not an option and will be refused by me in any case.
March rabbit
Aliastra
Gallente Federation
#27 - 2012-01-10 16:37:57 UTC
Well. Decline in giving full API to check is a good thing for me as one of recruiters. Cool
Using corp policy "full API is needed" i easily drop part of my job and have more time to play instead of checking, interviewing, training and supporting newcomers Big smile

So guys. Pleeease. The more people hide their APIs the more time i can spend to the game Cool

And on a serious note. Yes, i know that properly fitted spy won't be caught by API. This measure is just a simple locker on your door. Everyone knows that there is no unbreakable locker exists. What was built by people can always be destroyed by people.
However no one will have his door unlocked and opened just because of this principle.

So the full API, KB, forums and google checks are locker on your door. Will stop lazy unskilled and not-determined hacker. Or just person you would not have in your corp. Some possibility for random mistake from spy as bonus.

There is one more thing exist. If you know almost everyone from your corp by real Name, where he lives, who is he in RL, etc... you will not want strangers came to this group. So newcomer will have many personal questions. After all you need to trust a little to your corpmembers. And if you are "too hidden" you have significally less chances to get into this group of people. This is just like in RL. Nothing really differs. "Internet space pixels" you say? Nope. This is time spent to make something, team work, real effort, real money maybe.

The Mittani: "the inappropriate drunked joke"
KrakizBad
Section 8.
#28 - 2012-01-10 16:46:14 UTC
Endeavour Starfleet wrote:
They are losing the ability to have direct control over their memberbase so demanding full API is one of their attempts of establishing their version of Order. Which is of course the ole "Come to the CTA or log the **** out"


You've been beating this ridiculous drum for days now. Name and shame this alliance you claim is doing this or just get out. Not one single alliance in CFC does this.
Embrace My Hate
Bitmap Brothers
#29 - 2012-01-10 17:56:40 UTC
Naturally, People fear what they don't understand.
Borun Tal
Brutor Tribe
Minmatar Republic
#30 - 2012-01-10 18:14:02 UTC
Someone's paranoid about the API keys? Uh, ok... Does a recruiter hope to gain insight into the TOON or the person BEHIND the toon? And what does seeing two alts of three on one account do for anyone that seriously wants to do the spy thing? Are you going to demand all APIs on all accounts, knowing SURELY that the person will give them ALL up?

The API key thing for recruiting is just patently stupid. Good luck trying to justify it, cuz it won't work.
Caliph Muhammed
Perkone
Caldari State
#31 - 2012-01-10 18:14:47 UTC
Limited key is fine, but my contacts and mails are none of your business. So the tool might be there but if your corp is a collection of mediocre with nothing to offer you can hang up mass recruitment with a demand such as full api. Are you paying me? Are you paying for my sub? If the answer is no then the answer to a full api key is no.
Endeavour Starfleet
#32 - 2012-01-10 18:27:50 UTC  |  Edited by: Endeavour Starfleet
March rabbit wrote:
Well. Decline in giving full API to check is a good thing for me as one of recruiters. Cool
Using corp policy "full API is needed" i easily drop part of my job and have more time to play instead of checking, interviewing, training and supporting newcomers Big smile

So guys. Pleeease. The more people hide their APIs the more time i can spend to the game Cool

And on a serious note. Yes, i know that properly fitted spy won't be caught by API. This measure is just a simple locker on your door. Everyone knows that there is no unbreakable locker exists. What was built by people can always be destroyed by people.
However no one will have his door unlocked and opened just because of this principle.

So the full API, KB, forums and google checks are locker on your door. Will stop lazy unskilled and not-determined hacker. Or just person you would not have in your corp. Some possibility for random mistake from spy as bonus.

There is one more thing exist. If you know almost everyone from your corp by real Name, where he lives, who is he in RL, etc... you will not want strangers came to this group. So newcomer will have many personal questions. After all you need to trust a little to your corpmembers. And if you are "too hidden" you have significally less chances to get into this group of people. This is just like in RL. Nothing really differs. "Internet space pixels" you say? Nope. This is time spent to make something, team work, real effort, real money maybe.


You might want to clarify that bolded part... Like quick

And for now indeed you are getting away with demanding full API. Just please understand that in the future that will become a serious issue to your recruiting. It might be better to start to get used to demanding only the skill sheet in the future as that is likely to become the standard once modular corp and POS are implemented.

TheTradeMonkey wrote:
Endeavour Starfleet wrote:

Sounds like you have recently changed to a "demand full api" system


It's not even a full api request, it was for an incredibly limited api (character list\skill sheet).
I'm trying to get my head round the mind set of it all and in all honesty, I'm struggling.

The question still stands though, how do you filter for spys?

oh and bar "reading my eve mails" I've not heard much that makes me buy into this "OMFG API AAAHHHH"

Also, what corp pos thing?


Getting you head around the concept is a matter of understanding that EVE is a VERY long term game. And privacy is one element many find important.

Modular Corp and POS is a big request to CCP to change the very foundation of the settings system and variety of modules for the corp and the POS. Main goal is vastly increased amount of settings and ability to isolate a potential spy or liability to her/her/its own module or tab of module or individual job. To aid this a new modular POS involves use of smaller modules. (Individual Hangar, ship hangar etc..) Some are calling for a system like X3s yet I will settle just for more ability at isolation.

What it will result in is vastly improved ability for smaller (and larger to a slightly lesser extent) corps in EVE to recruit with the knowledge that it will be far harder for a spy or thief to make off with assets. This will cause demand for new members to skyrocket and put huge pressure on corps and alliance that do things like "Join or log off" CTAs, Huge member dues, Full API demand, moon gooz hogging, good ole boy clubs etc...
Roscada
We love Egg
#33 - 2012-01-10 19:45:26 UTC
New Eden is built on backstabbing, scamming, and cutting out your own segment of the market. Anyone willing to compromise their own isk flow by giving a full API to a CEO they don't know and trust deserves whatever they get.
My Neutral Toon
Doomheim
#34 - 2012-01-10 20:00:57 UTC
Unless you are a spy you don't need to be paranoid about giving your API. They CAN NOT get into your account with your API.

...Can't. Tell. If ...Troll? Or Serious....

Butt Hurt about Harrasment? Read first GM post: https://forums.eveonline.com/default.aspx?g=posts&t=88362&find=unread
Roscada
We love Egg
#35 - 2012-01-10 20:08:45 UTC
My Neutral Toon wrote:
Unless you are a spy you don't need to be paranoid about giving your API. They CAN NOT get into your account with your API.


That's not the point. The point is that they will know your alts, your fits, your hangar, your sources of income, agents you speak to regularly, your mail, your contacts, your likely haunts, everything.

Information is a valuable commodity; in some cases the most valuable. Only an idiot would just hand all of that over to join a corp.
Jita Alt666
#36 - 2012-01-10 20:25:32 UTC
Florestan Bronstein wrote:
TheTradeMonkey wrote:

The question still stands though, how do you filter for spys?

aside from API:

forum search - special attention to character bazaar and Timecode Bazaar.
checking employment history - maybe there are some alt corps in there? evewho is great for this sort of thing
checking contracts history - not complete but it might give you some pointers
checking killboards - who did he fly with? who did he kill?

If you have your own spies inside entities that you suspect to spy on you you can also do interesting stuff like

* watermarking important forum posts/announcements to trace leaks (look for the PL forum mirror it has some nice info on this: idea is that you display different versions of the same post to each viewer, e.g. by automatically replacing some characters with equally looking but different unicode characters based on the viewer's forum userid; or by offering different combinations of synonyms - e.g. four words with one possible synonym for each gives you 16 different versions of the forum post which already cuts down the number of people you suspect of having leaked the post considerably)

* harvesting IPs, e.g. post a link to some funny image hosted on a server you have access to on your enemies' forum, log IPs & timestamps which access that image, try to connect them to characters that replied to your post, compare to your own people's IPs that you harvested through your TeamSpeak server.
(or have your spy post a link to your file during some roam, that way you know pretty well who has clicked it, try to correlate IPs with characters by e.g. using the country information displayed by TeamSpeak; If there is only one German in the roam the German IP is probably him).
Also use voicecomms logs to look for people who listen in on ops but don't participate (or people who only log in for pvp ops). Check IPs that access your own forums or voicecomms for obvious proxies/VPN providers.

* make note of idiosyncratic misspellings or grammar fails

* keep a close eye on people who are too eager to x up or never x up when you call for all spais to 'x' up in fleet chat.
j/k Blink

* ...

In general kicking a spy will only result in him being replaced by another one that is harder to detect.
My advice would be that unless you suspect one of your FCs or directors/CEOs to spy on you, don't bother too much about it.



I find it amusing that the OP believes full API use is a ludicrous abuse that is way over the top but somehow IP tracking image searches and userid unicoding of forum posts is not.

I agree the methods you have suggested here work and are useful - if your alliance has access to quality IT staff.
gfldex
#37 - 2012-01-10 20:29:09 UTC
TheTradeMonkey wrote:
not trolling, genuinely want to know as I'm failing to see the other side of the coin.


Because they don't like it. Human behavior is defined by feelings not reason. By asking for an API key you imply that you have good reason not to trust somebody. Hurt feelings hurt.

If you take all the sand out of the box, only the cat poo will remain.
Skorpynekomimi
#38 - 2012-01-10 21:04:03 UTC
- Knowledge is power. Power corrupts.

- What I do, where my ISK comes from, who I talk to, and any alts are my business and my business only. You will know what I care for you to know.

- So, you think I'm a spy? **** YOU FOR EVEN CONSIDERING THAT.

(Note: Possible viewpoints. Don't kick me out the corp for trying to get into people's heads.)

Economic PVP
Jaroslav Unwanted
Brutor Tribe
Minmatar Republic
#39 - 2012-01-10 21:13:30 UTC  |  Edited by: Jaroslav Unwanted
Valei Khurelem wrote:
Some people just take this game too seriously.


Forwarding your Post.
Competition. Thats it. Its game. Game is defined by ability to success or fail. To success you have to do everything what is available.
Therefore Spies are part of the EVE in the larger schemes... Good spy is in big ally for years, get trust, move higher in the ranks and ultimately destroy said alliance. It happened before it will happen after. Of course moving your agent for such long journey got its downfall, like the spy become loayal to the alliance he was designed to destroy.. Therefore more spies are better.

However API keys for "non-important spaceship alliances/corporations" are just non-important and are developed just to make said ally/corporation look important. Cool

Also i dont really care about my API i give it freely to anyone who asks.. full account API Big smile
Include my Alts API.
BoBoZoBo
MGroup9
#40 - 2012-01-10 22:28:09 UTC  |  Edited by: BoBoZoBo
March rabbit wrote:
well. you have never had situations when your enemy knows every ship, fit and move of your fleet?
I have had it few times. This is real pain i would say. When you loose battle before start just because of some ****** spy in your corp/alliance. When your every command on comms is known to your opponent.

Maybe some day you will understand it.... When you start to play MULTIPLAYER Eve and not only INCURSION Online.



to OP and March -

This has nothing to do with - and will never be solved by - requesting full API access. They could open up every players full information free of access and you would still miss a good spy. Even if you were on top of it, luck will win out eventually.

Finding spies is an active endeavor. Not something you can just check off after reviewing an API. Someone you clear as legit can get pissed at you for any reason and BECOME a spy, so where did your API check get you. And If you suck at managing people and cannot set up your command structure to detect and root out spies or something fishy, no amount of info given to you will help. You want to find evil spies... be a fu*king leader and find them, there is no magic filter for it.

Not to mention, how many times have I switched alliances only to still have access to Teamspeak servers or chat rooms, watching fleet movement. No API check will solve those kinds of management problems. You probably overlooked something and want to blame it on API access.

As for myself, I have had only one character for 8 years, no alts and I NEVER give out my full API access, never will. Too many good alliances and good corp don't require it and my full API has too much information that is simply irrelevant to good management.

At the end of the day, asking for everything available shows you don't know how to use what you currently have.
Personally I use Full API access requests as my own litmus test to see if a corp is good or not.

Maybe someday you will understand this... when you lead real professionals instead of intertube spaceship pilots.

Primary Test Subject • SmackTalker Elite
Previous page123Next page