These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

evewho.com - Showing more than I want to show. No privacy !

First post First post
Author
Ni Cho
Federal Navy Academy
Gallente Federation
#41 - 2011-09-20 17:23:32 UTC
Nikkov wrote:
Efraya wrote:
All of the information gathered on that website is a collection of information that is already publicly visible, he's just been clever in scraping the kill boards and compiling that list.



How can the information be public, ie: Killboards, when alts are being shown that have never undicked from station?



Haha, you said undicked...
Othran
Route One
#42 - 2011-09-20 17:26:14 UTC  |  Edited by: Othran
Given the amount of idiots who have account and character names the same it looks quite useful for a bit of brute forcing/social engineering accounts too.

So who's the muppet designer who ****** this up?
Miilla
Hulkageddon Orphanage
#43 - 2011-09-20 17:27:29 UTC
Othran wrote:
Given the amount of idiots who have account and character names the same it looks quite useful for a bit of brute forcing/social engineering accounts too.

So who's the muppet designer who ****** this up?



"Stay the course!"
malaire
#44 - 2011-09-20 17:31:40 UTC
Tippia wrote:
For instance, if you do not know that a character exists, you cannot find it in-game nor can you discover who's in those "unknown" corp slots; using the charID and API calls, you can discover its existence and tie it back to the corp that way.

You can find it in-game, you can search by partial character name and try to find there "hidden" characters.

New to EVE? Don't forget to read: The Manual * The Wiki * The Career Options * and everything else

Miilla
Hulkageddon Orphanage
#45 - 2011-09-20 17:32:38 UTC
Remember that Eve Developer Licensing a while back?

This guy is just going to screw it up for all the developers such as myself by now making the reality of Authorised Application Keys to being enforced on all API consuming Apps so CCP can identify applications that abuse the API and block them out.

Miilla
Hulkageddon Orphanage
#46 - 2011-09-20 17:33:16 UTC
malaire wrote:
Tippia wrote:
For instance, if you do not know that a character exists, you cannot find it in-game nor can you discover who's in those "unknown" corp slots; using the charID and API calls, you can discover its existence and tie it back to the corp that way.

You can find it in-game, you can search by partial character name and try to find there "hidden" characters.



But then you actually have to log in and PLAY EVE.

This guy is bascially MACROING :)

malaire
#47 - 2011-09-20 17:36:14 UTC  |  Edited by: malaire
Miilla wrote:
This guy is bascially MACROING :)

So what? Macroing outside EVE Client, using external applications and API, is allowed.

New to EVE? Don't forget to read: The Manual * The Wiki * The Career Options * and everything else

Miilla
Hulkageddon Orphanage
#48 - 2011-09-20 17:39:09 UTC
malaire wrote:
Miilla wrote:
This guy is bascially MACROING :)

So what? Macroing outside EVE, using external applications and API is allowed.



Abuse of API is against the rules, causing a detrimental affect on the servers or game.

Infact you will see that there is a cache time on the server API responses, he is not adhering to that most likely.

In EveMon you will also see that there is a delay on the calling of API's, to reduded load on the server.

He most likely is not doing that.

CCP Navigator
C C P
C C P Alliance
#49 - 2011-09-20 17:40:51 UTC  |  Edited by: CCP Navigator
I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so.
Nyio
Federal Navy Academy
Gallente Federation
#50 - 2011-09-20 17:40:57 UTC
@Miilla

Perhaps spend less time on these forums and more time actually making something.
Just a thought. Smile
Othran
Route One
#51 - 2011-09-20 17:43:55 UTC  |  Edited by: Othran
CCP Navigator wrote:
I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API information and will continue to do so.



Ummm no. As I said earlier I have a character who has never done anything. No information was "posted publically" at all.

The fact that the API calls confirm or refute the existence of a character based on a random charID suggests you're running damage control here Spitfire. I would strongly suggest you don't.

Any system which confirms or refutes the existence of a user (or character) based on the user (char) ID and no key/pw is broken.

Simple as.
Miilla
Hulkageddon Orphanage
#52 - 2011-09-20 17:44:04 UTC
CCP Navigator wrote:
I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so.




So it is ok to scan the API?

CONFIRMED, get those API scanners going people
Miilla
Hulkageddon Orphanage
#53 - 2011-09-20 17:46:11 UTC
Eve API is as secure as their email petition link replying system.

You can reply to ANY other person's petition IF you can guess the date and ID. I reported this one many times. Fell on deaf ears.

No authentication required.
malaire
#54 - 2011-09-20 17:46:24 UTC
Othran wrote:
Ummm no. As I said earlier I have a character who has never done anything. No information was "posted publically" at all.

Has he ever said anything in Local? Is he visible in Local?

If yes, then someone might've spotted him and posted to website like evewho.

New to EVE? Don't forget to read: The Manual * The Wiki * The Career Options * and everything else

Ejit
STD contractors
#55 - 2011-09-20 17:48:31 UTC
Nikkov wrote:
undicked


My wife has threatened me with this on more than one occasion Big smile
CCP Navigator
C C P
C C P Alliance
#56 - 2011-09-20 17:48:37 UTC
Miilla wrote:
CCP Navigator wrote:
I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so.




So it is ok to scan the API?

CONFIRMED, get those API scanners going people


I suggest you refrain from confirming anything. the details of what is allowed with the EVE API is decided by the developers who work on that code.
Othran
Route One
#57 - 2011-09-20 17:50:45 UTC
malaire wrote:
Othran wrote:
Ummm no. As I said earlier I have a character who has never done anything. No information was "posted publically" at all.

Has he ever said anything in Local? Is he visible in Local?

If yes, then someone might've spotted him and posted to website like evewho.


Nope.

He was created and logged off. Hasn't been used for anything other than an Evemon template after that. Never been logged on since.

Sooo how is he there if its not scraping +/- on other characters?

2 mill characters - wow that's a lot of "guessing".
Miilla
Hulkageddon Orphanage
#58 - 2011-09-20 17:52:42 UTC  |  Edited by: Miilla
CCP Navigator wrote:
Miilla wrote:
CCP Navigator wrote:
I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so.




So it is ok to scan the API?

CONFIRMED, get those API scanners going people


I suggest you refrain from confirming anything. the details of what is allowed with the EVE API is decided by the developers who work on that code.



This guy is obviously scraping the API charID's, that is scanning the API parameters.

YOU said he had done nothing "illegal".

Is it allowed or not?

Your post said it was.
CCP Stillman
C C P
C C P Alliance
#59 - 2011-09-20 17:55:51 UTC
Miilla wrote:
CCP Navigator wrote:
I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so.




So it is ok to scan the API?

CONFIRMED, get those API scanners going people

I just want to clarify:

We have very clear policies about what's allowed and not. As you will know, we will throttle invalid calls, as we do not allow throwing 10 million random IDs at the API and hoping they return data.

Scraping through characterIDs hoping to hit a valid one is NOT allowed. Doing so will get your IP blocked from the API. But if you do valid calls because you know it's a valid ID is fine. But generating excess errors will get your IP blocked.

Just a random dude in Team Security.

Miilla
Hulkageddon Orphanage
#60 - 2011-09-20 17:58:12 UTC  |  Edited by: Miilla
CCP Stillman wrote:
Miilla wrote:
CCP Navigator wrote:
I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so.




So it is ok to scan the API?

CONFIRMED, get those API scanners going people

I just want to clarify:

We have very clear policies about what's allowed and not. As you will know, we will throttle invalid calls, as we do not allow throwing 10 million random IDs at the API and hoping they return data.

Scraping through characterIDs hoping to hit a valid one is NOT allowed. Doing so will get your IP blocked from the API. But if you do valid calls because you know it's a valid ID is fine. But generating excess errors will get your IP blocked.



So it is allowed if we generate a low ratio of errors to success API calls.

Just to clarify.



That is easy to do. Just keep repeating SUCCESSFUL calls if an error is generated.