These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

evewho.com - Showing more than I want to show. No privacy !

First post First post
Author
Previous Topic Next Topic
Denidil
Cascades Mountain Operatives
#121 - 2011-09-20 21:37:39 UTC
Karbowiak wrote:


You should just tell me what your IP is so i can ban you, so we can get it over with..
Seems like a much better option


or you can grow up and stop acting like a ***** about someone asking you if you've been sharing keys.

i guess your immature behavior has determined whether or not i'll be issuing anything on eve-kill a new key.

Tedium and difficulty are not the same thing, if you don't realize this then STFU about game design.
Herbstleyd
Zealot's
Shadow Ultimatum
#122 - 2011-09-20 21:38:37 UTC
EveWho.com - Atrocity endorsedâ„¢

Dec plox.
Peter Powers
Terrorists of Dimensions
#123 - 2011-09-20 22:44:52 UTC  |  Edited by: Peter Powers
Joyana Dakota wrote:
I'm sorry but this website is breaking some rules in one form or another since I just created a new Corporation yesterday on an alt and it's already showing up on the website, I have never given my API away and I have never conducted any sort of PvP with that character so the information is not coming from random killboard information.

This should be illegal !


You put in the corp name to the search box and send it to the server,
server makes request to eve api, asking the api to give the corporation id for the corporation name

(public API, as it should be, without it and its reverse it would be *impossible* to compare api style killmails with killmail style killmails for example).

with that information he then knows that the corporation exists,
now its quite simple to find it ingame through the search,
or for Squizz_Cs app the API the public information of the corp
like.. founder, ceo, description text...

this is neither a new functionality nor worth the outrage, all those information
Squizz_C uses are information that are essential to build 3rd party applications,
and none of it reveals any damn secret.

You don't want anyone to know that a corp 'exists'?
don't create it.

An existing Corporation is a corporation, that means it is in some sort of corporate register, which usually is public, you can not create a corporation and expect no one to know about it, its legally not a corporation if its not in such register.

3rdPartyEve.net - your catalogue for 3rd party applications
Arkady Sadik
Gradient
Electus Matari
#124 - 2011-09-20 22:46:38 UTC
Our forums currently authenticate using the CharacterInfo call. We require an API key for the initial authentication, but once we have established that the forum account is indeed belonging to the same person as the API key holder, we do not need the API key anymore - we can simply call CharacterInfo and see if they're still in the alliance.

Likewise, there are lists like the FacWarTopStats that give you characterID but no further information about them. We use CharacterInfo to check which corp these people belong to. This is very useful as well.

Please do not remove this functionality. It's really, really useful.
Morganta
The Greater Goon
#125 - 2011-09-20 23:04:43 UTC
Miilla wrote:
How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.

If they have a valid reason to query the API, they would have a key.



this is how it should be
Miilla
Hulkageddon Orphanage
#126 - 2011-09-20 23:10:57 UTC  |  Edited by: Miilla
CCP Stillman wrote:
Miilla wrote:
Are you going to require that applications be "authorised" by some kind of unique APP certificate so you can tell which apps are putting what loading on the servers etc?


I can't speak in certain terms, as the plans aren't done at this point. But does it make sense to me? Yes.



So a likely future direction of the Eve API.

1) Paid for license App certificate / key to allow full access API's or perhaps priority queued and full query capabilities

2) Free license App certificate / key to allow basic API's and perhaps a slower secondary priority access, after paid for apps have got their share of calls completed and perhaps even limited in number of queries or time between queries.



I can see managing those app certificates being very messy, especially when those certs have been compromised, and they will, if there is a tiered API service.
seany1212
M Y S T
#127 - 2011-09-20 23:21:50 UTC
Karbowiak wrote:
That said, you trying to get the EVSCO API banned by CCP, wouldn't be in anyones interest, since without it - EVE-KILL wouldn't recieve any mails via the API.

At which point, you hunting Squizz around ingame will be the least of your troubles :D


This **** just got real Shocked
Peter Powers
Terrorists of Dimensions
#128 - 2011-09-20 23:27:40 UTC
Morganta wrote:
Miilla wrote:
How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.

If they have a valid reason to query the API, they would have a key.



this is how it should be

thats not how it can or should work,
there are information that *need* to be public available which will lead to some things exposed - for once that is the ID to name conversion.

if i have the name "Peter Powers" and i want to display the character portrait for example i need to be able to find the ID 179004085 somehow, otherwise i cannot show character pictures in my application.

Now for some use cases that might sound irrelevant, but if i have a software like a killboard for example, i really want those portraits there.

something similar goes for corporations, to display the logo of a corporation, i need to be able to retrieve the corporation information, since those contain the data needed to display the logo (or the corp description, or the ceo's name, or any other random public information).

Without all those information you end up with pretty horrible looking third party tools that have a horrible usability,
rather than the rich and colorfull environment of tools and ideas put to tools you have nowadays.

And honestly,
let me assure you that the API exposes no intel with any real meaning without a proper API key; and that eve-who, as nice as it is has a pretty limited set of data available compared to what some alliances / corps have in tools that dont even use the EVE API.

3rdPartyEve.net - your catalogue for 3rd party applications
seany1212
M Y S T
#129 - 2011-09-20 23:50:17 UTC
Peter Powers wrote:
Morganta wrote:
Miilla wrote:
How about this for an idea, NO API INFO without a valid KEY. Period. NOTHING; absolutely ZERO output.

If they have a valid reason to query the API, they would have a key.



this is how it should be

thats not how it can or should work,
there are information that *need* to be public available which will lead to some things exposed - for once that is the ID to name conversion.

if i have the name "Peter Powers" and i want to display the character portrait for example i need to be able to find the ID 179004085 somehow, otherwise i cannot show character pictures in my application.

Now for some use cases that might sound irrelevant, but if i have a software like a killboard for example, i really want those portraits there.

something similar goes for corporations, to display the logo of a corporation, i need to be able to retrieve the corporation information, since those contain the data needed to display the logo (or the corp description, or the ceo's name, or any other random public information).

Without all those information you end up with pretty horrible looking third party tools that have a horrible usability,
rather than the rich and colorfull environment of tools and ideas put to tools you have nowadays.

And honestly,
let me assure you that the API exposes no intel with any real meaning without a proper API key; and that eve-who, as nice as it is has a pretty limited set of data available compared to what some alliances / corps have in tools that dont even use the EVE API.



Agreeing with Peter Powers on this situation and confirming theres too many whiney bitches in this game. Dont want your character to be known, dont create one. Simple.
Guillame Herschel
Buffalo Soldiers
#130 - 2011-09-20 23:54:56 UTC
CCP Stillman wrote:
Scraping through characterIDs hoping to hit a valid one is NOT allowed. Doing so will get your IP blocked from the API. But if you do valid calls because you know it's a valid ID is fine. But generating excess errors will get your IP blocked.


It is trivial to avoid any IP-based blockade. Your API is broken. That is the problem. That you can close one barn door after one horse has gotten out is beside the point.
Shionoya Risa
The Xenodus Initiative.
#131 - 2011-09-21 00:12:51 UTC  |  Edited by: Shionoya Risa
Mmm, I don't like it, but I'll use it. What?
Mehrdad Kor-Azor
Doomheim
#132 - 2011-09-21 00:23:19 UTC
Big Brother is watching.
Kronus Heilgar
Science and Trade Institute
Caldari State
#133 - 2011-09-21 01:07:02 UTC  |  Edited by: Kronus Heilgar
Bahaha I love how this website gets the rage thread, but I didn't get any when I released my earlier version of the same thing a couple months ago (EVE Central Intelligence)

I know he's not scraping the API with random guesses so you can all stop bitching about that (you'd be amazed how fast the CCP API folks can go get that banhammer). He's in bed with EVSCO / eve-kill, so he gets every character name from every kill that goes through there, and probably also uses the API keys eve-kill users have given to get names from wallet transactions. In addition, the new RSS feed for the forums makes it easy to scrape those too.

So it's not against CCP regulations. But it's definitely an abuse of the API keys people have trusted to EVSCO / eve-kill.

After building an initial database it's quite the chain effect, you can see every corp the characters have been in, then see the CEO's of each of those corps, then see the corps that those CEO's have been in, and so on. All chat logs are automatically saved, so he can process those (just stay logged in while sitting in Jita and the noob systems).

So grow up. It's not going to change now. Best thing you can do is go change all your API keys.

This is not the signature you're looking for.
Simetraz
State War Academy
Caldari State
#134 - 2011-09-21 05:45:25 UTC  |  Edited by: Simetraz
Kronus Heilgar wrote:
Bahaha
So grow up. It's not going to change now. Best thing you can do is go change all your API keys.


Change your API keys and don't give out.
That means no killboards, evemon, etc etc etc.

It was only a matter of time before someone put all this information together.

Be thankful they don't list the ISK in your account and what skill your training as well.

By the way I find it interesting that it is illegal to list NPC corp members but not player corps.

EVERYBODY KNOWS
Sable Blitzmann
24th Imperial Crusade
Amarr Empire
#135 - 2011-09-21 05:58:19 UTC
I find it funny that people are getting up in arms about people knowing what corp they're in. It's a video game, people, privacy laws don't come into effect with virtual people. Don't like it? Don't play the game (I'm looking at you Miilla)
Xercodo
Cruor Angelicus
#136 - 2011-09-21 06:04:21 UTC
My first thought is "They can just show info on you in-game and know what corp your in anyway...."

The Drake is a Lie
Arkady Sadik
Gradient
Electus Matari
#137 - 2011-09-21 08:00:20 UTC  |  Edited by: Arkady Sadik
The only people this is actually useful for are smaller groups in high/low-sec for war decs, so they can identify and hunt targets. Every halfway competent group did create member lists of their targets anyhow, this site makes that process much easier - a bit annoying, because it takes away some of the edge some groups have.

On the other hand, I do not see how to remove the functionality that enables this site without making a lot of API tools really u seless (see my last post, or Peter Powers' post above). So, better this way than the other.
malaire
#138 - 2011-09-21 08:05:29 UTC
Simetraz wrote:
By the way I find it interesting that it is illegal to list NPC corp members but not player corps.

Why would it be illegal? I believe both are allowed.

New to EVE? Don't forget to read: The Manual * The Wiki * The Career Options * and everything else
C4LYP50
Solarwind Interstellar Mining and Production Ltd
#139 - 2011-09-21 08:51:43 UTC
Othran wrote:
CCP Navigator wrote:
I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API information and will continue to do so.



Ummm no. As I said earlier I have a character who has never done anything. No information was "posted publically" at all.

The fact that the API calls confirm or refute the existence of a character based on a random charID suggests you're running damage control here Spitfire. I would strongly suggest you don't.

Any system which confirms or refutes the existence of a user (or character) based on the user (char) ID and no key/pw is broken.

Simple as.


This guy is exactly right. Alts who've never undocked, or had any impact (no buying/selling, speaking in local, etc.) on the game at all, are being shown here. This, to me, represents a prime example of API info gone way wrong. When all other options have been argued and refuted, this fact remains: You (CCP) changed the way the API works, and what can be gleaned from the data dumps. Now someone has datamined through your security hole, and I'm not appreciating your feeble attempt at damage control. As for the often used "its all information that you can glean ingame, publically available", I call BS. If this were true, it would have been done by someone long before now.

Just once, I'd like to have confidence in CCP to actually test stuff before it's pushed out live. Honestly............when are you people going to LEARN?
Miilla
Hulkageddon Orphanage
#140 - 2011-09-21 10:27:02 UTC
THE END IS NIGH!!

NIGH!