These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

A question regarding the privacy of EVE-mail.

First post
Author
Candi LeMew
Division 13
#81 - 2015-02-15 11:23:25 UTC
Godfrey Silvarna wrote:
The Mail and other parts of API are incredibly useful for a lot of things. For example, if you want to make a mobile app that monitors your evemail inbox and notifies you of an incoming message, you need a mail API to make it work. I find it amazing that CCP provides us with such powerful tools for making third party applications that tie into their game.

Don't blame the tools, blame the users.

I just check EVEgate on my phone. vov

I'm usually online shitposting anyway.

I personally think removing the mail API could drastically change some of the sociology across EVE, especially when it comes to joining corporations and getting involved with other groups of players. It'd be good for the honest players, it'd also be good for the dishonest ones. Blink

Win win really. Except for the folks who're too lazy to login to check mails and want a notification on their phone instead.

🍌

Remember... in Anoikis Bob Is Always Watching...

"I been kicked out of better homes than this" - Rick James

Gregor Parud
Imperial Academy
#82 - 2015-02-15 11:34:02 UTC
Malcanis wrote:
CCP Falcon wrote:
Regardless of what you're doing in EVE, you should never EVEmail anything, to any player that you'd consider private or personal, because there's nothing to stop the other player forwarding it on to someone else or sharing it publicly via copypasta, or the API system.


Sometimes it takes a CCP employee to carefully and politely explain that 2+2=4, big is more than small and that fire is hot.

Thanks for stepping up.


He did however fail to explain and state that water is wet, so the OP is right about not having been given all the necessary information.
Elenahina
Embark
Triumvirate.
#83 - 2015-02-15 20:02:32 UTC  |  Edited by: Elenahina
What it boils down to is it's no different than a modern email system.

I have the ability, at work, to give other people access to my email account (managers use it to allow their admins to manage their calendars, for example). It's an incredibly useful tool. But that also means that this person you have granted access to can read every email that comes in and goes out, even presumably private ones. Hell some admins even have the ability to send emails on behalf of the managers, from their manager's account.

Is it the system's fault that it doesn't warn the hundreds of thousands of users that send and receive email from it that anything they put on that system may be available to users they know nothing about, depending on the security settings of other users?

Or is it OUR responsibility as the users of that system to have some grasp of what using that system might allow?

Stop acting like a victim, and take some responsibility for being informed about your choices.

If you don't ant to give out your API - don't.
If you don't want your personally sensitive information to be available to other people, either don't share it, or share it in some other fashion. Or accept that be choosing to share it this way, you run the risk that, accidentally or intentionally, it may be spread beyond your originally intended audience.

Eve is like an addiction; you can't quit it until it quits you. Also, iderno

Ralph King-Griffin
Lords.Of.Midnight
The Devil's Warrior Alliance
#84 - 2015-02-15 20:11:51 UTC
Gregor Parud wrote:
Malcanis wrote:
CCP Falcon wrote:
Regardless of what you're doing in EVE, you should never EVEmail anything, to any player that you'd consider private or personal, because there's nothing to stop the other player forwarding it on to someone else or sharing it publicly via copypasta, or the API system.


Sometimes it takes a CCP employee to carefully and politely explain that 2+2=4, big is more than small and that fire is hot.

Thanks for stepping up.


He did however fail to explain and state that water is wet, so the OP is right about not having been given all the necessary information.

Wait what ?!

this changes things



This changes everything!
Jimmy Farrere
University of Caille
Gallente Federation
#85 - 2015-02-15 20:34:39 UTC
So you don't think that CCP should make it much more clear (especially to new players) that the ingame mail system is far less secure than it first appears and indeed, much less secure than similar mail systems in other games?

I find it kind of irksome that CCP forbid us to share any communications made with them and yet provide a way to share 'private' communications received from others so easily.

IMO the sharing of Eve-mails through the API should be removed, it serves little purpose other than allowing wannabe private detectives to nose through other peoples business. Failing that, CCP need to add a warning to the 'Compose mail' window (not the API screen) to highlight exactly how insecure it is.
Candi LeMew
Division 13
#86 - 2015-02-15 21:04:20 UTC  |  Edited by: Candi LeMew
Elenahina wrote:
What it boils down to is it's no different than a modern email system.

I have the ability, at work, to give other people access to my email account (managers use it to allow their admins to manage their calendars, for example). It's an incredibly useful tool. But that also means that this person you have granted access to can read every email that comes in and goes out, even presumably private ones. Hell some admins even have the ability to send emails on behalf of the managers, from their manager's account.

Is it the system's fault that it doesn't warn the hundreds of thousands of users that send and receive email from it that anything they put on that system may be available to users they know nothing about, depending on the security settings of other users?

Very similar to where I work. Of course, using government systems, everything is monitored and 'big brother' can look at my mails anytime. I accept that, in the same way I accept that CCP might need to see people's mails in the event of complaints or incidents, just like CCP Falcon mentioned.

However the social club at work doesn't have access to my emails, and I see no reason why they should just so I can go out drinking with them every Friday night.

Elenahina wrote:
If you don't ant to give out your API - don't.

That's good advice, and I follow it personally.

However in doing so one also cuts themselves off from 90% of the social content (corps) here that they can get involved in. Why does it have to be that way? Because of things like the mail API.

Jimmy Farrere wrote:
So you don't think that CCP should make it much more clear (especially to new players) that the ingame mail system is far less secure than it first appears and indeed, much less secure than similar mail systems in other games?

Why bother implementing new warnings, disclaimers, etc.

Just remove the mail API, as you suggest also in your last comment.

Jimmy Farrere wrote:
I find it kind of irksome that CCP forbid us to share any communications made with them and yet provide a way to share 'private' communications received from others so easily..

Well, as per CCP Falcon's post, CCP's view is that not only should "private" communications not take place here, but it's not allowed.

So let's change the game up on them a little, and instead of saying you're sharing "private info" let's say we're sharing "personal" info. That little change in terminology shifts the ballgame quite a bit imo. As Mr Epeen mentioned earlier, while there may not be anything "private" in some of these communications there is still plenty of "personal" things you wouldn't want to be exposed to anyone but the intended recipient.

So we have "private" info, the transmission of which is regulated with rules and legalities. But we also have "personal" info, which is regulated by morals and respect. CCP are doing a good job in one of those aspects, a very poor one in the other.

🍌

Remember... in Anoikis Bob Is Always Watching...

"I been kicked out of better homes than this" - Rick James

Remiel Pollard
Aliastra
Gallente Federation
#87 - 2015-02-15 21:10:26 UTC  |  Edited by: Remiel Pollard
Candi LeMew wrote:


So we have "private" info, the transmission of which is regulated with rules and legalities. But we also have "personal" info, which is regulated by morals and respect. CCP are doing a good job in one of those aspects, a very poor one in the other.


Morality is subjective, and respect is irrelevant. The information you choose to share with people using this game as a medium is subject only to CCP's established policies and your own prerogative.

“Some capsuleers claim that ECM is 'dishonorable' and 'unfair'. Jam those ones first, and kill them last.” - Jirai 'Fatal' Laitanen, Pithum Nullifier Training Manual c. YC104

Candi LeMew
Division 13
#88 - 2015-02-15 21:14:05 UTC  |  Edited by: Candi LeMew
Remiel Pollard wrote:
Candi LeMew wrote:


So we have "private" info, the transmission of which is regulated with rules and legalities. But we also have "personal" info, which is regulated by morals and respect. CCP are doing a good job in one of those aspects, a very poor one in the other.


Morality is subjective, and respect is irrelevant. The information you choose to share with people using this game as a medium is subject only to CCP's established policies and your own prerogative.

Well morality and respect are general concepts that, like your local laws, most people should have a general sense of.

Though it's true a lot of people, and companies, still struggle with both concepts.

But you're right. We're all responsible for whatever info or content we transmit. Being humans this means it's easy for us to trip over sometimes, and you'd like to think CCP have done all they can to not only cover their own asses but their users' too.

(Edit) And so we take a look at the lovely text wall from Falcon which shows us all the ropes, harnesses, fences and barriers they've put up to protect themselves from falling off a cliff. While all we get is a crumby warning sign that says "Don't go near this cliff - it's not allowed". Building a fence to make it harder for us to fall off would cost them next to nothing, but they haven't. I'd like to see mail API removed giving us a barrier to help keep us safe from falling off, allowing us to enjoy the corp social scenery in relative comfort.

🍌

Remember... in Anoikis Bob Is Always Watching...

"I been kicked out of better homes than this" - Rick James

Mr Epeen
It's All About Me
#89 - 2015-02-15 22:17:59 UTC
Here's something to think about.

I sell characters. To transfer a character I need the persons acct name. If I were lazy or clueless and didn't bother deleting all transaction mails, like most that sell characters, and join a corp, they've now got 10 or 15 character names and their associated acct names.

ISD is very quick to delete acct names when some doofus posts one in a CB thread, but apparently CCP is fine with spreading them across New Eden via API grabs.

Don't mail info you don't want people to know, Falcon? How the hell does that work with character transfers where it's a rule to do exactly that? And then rely on the person you gave the info to to have the common sense to delete it.

Mr Epeen Cool
Serene Repose
#90 - 2015-02-15 22:45:22 UTC  |  Edited by: Serene Repose
The ones who don't really comprehend this issue aside, which should happen more frequently, it appears this glaring hole in the system (large enough to drive a truck through) needs to be plugged, but good. Therefore, noting an apparent apologetic tone from the powers that be, the remedy must be rather involved. (That's how they react when you point out the plumbing needs to be entirely replaced before the new toilet will work.)

I'm forced to recall the handful of "other" games I play have a considerably better mail system than this. I'm also forced to speculate on why EVE is so behind in such a significant "social" tool if EVE (as all the pros will tell you) is supposed to be the be-all end-all to GROUP play.

Those who claim you give up rights to privacy by joining corps, those who say failing to use caution puts the blame on me, and those who say "it's a matter of indifference I'm exaggerating" first fail to recall, the OP is referring to a condition outside all three of those considerations. This affects a third-person who made no decisions with regard to corporations and APIs. That aside, if you grant all three of those points, then the only INTELLIGENT thing for anyone to do is not use the message function at all.

That of course puts us back to square one - the message system at present suffers from advanced sucktitude. Take this condition, half-dozen others which exist within the game then add the idiocy found in seriously continuing the WiS discussion and you see how disjointed the playerbase actually is with regard to the condition of this game.

Suffice to say the majority look at it only in terms of a gaming smorgasbord. They lift what they wish from the tray
and ignore the rest. SO....if you were a corporation....who would YOU listen to?

We must accommodate the idiocracy.

Serene Repose
#91 - 2015-02-15 23:01:03 UTC
dadgum double post - ffs

We must accommodate the idiocracy.

Candi LeMew
Division 13
#92 - 2015-02-15 23:06:21 UTC
Serene Repose wrote:
The ones who don't really comprehend this issue aside, which should happen more frequently, it appears this glaring hole in the system (large enough to drive a truck through) needs to be plugged, but good. Therefore, noting an apparent apologetic tone from the powers that be, the remedy would be rather involved. (That's how they react when you point out the plumbing needs to be entirely replaced before the new toilet will work.)

If that eventuates then just remind CCP of when they stopped API system kill data from being pulled by 3rd party wormhole mapping tools. A change that an enormous swathe of wormholers were against that resulted in some threadnaughts in that subforum. CCP went ahead and did it anyway with apparent ease.

And yeah, I accept I'm coming at this whole thing from a different angle than OP, but we're looking at the same destination.

🍌

Remember... in Anoikis Bob Is Always Watching...

"I been kicked out of better homes than this" - Rick James

Thorn en Distel
Federal Navy Academy
Gallente Federation
#93 - 2015-02-15 23:10:37 UTC
I think it's a bit of a legal mess. European privacy law is pretty strict, especially where the privacy of minors is concerned, and I think this might actually be in violation or at the least close to being so. I think a more explicit warning about what exactly you're letting yourself into when you activate that option and give out your API is definitely in order.
Pok Nibin
Doomheim
#94 - 2015-02-15 23:14:24 UTC
The cowboy mentality of the Icelandic overseers could use a bit of adjustment, too.
Mixing whiskey and Samuel Colt never did bode very well.
Mixing Jaeger and iNTEL might be akin.

The right to free speech doesn't automatically carry with it the right to be taken seriously.

Candi LeMew
Division 13
#95 - 2015-02-15 23:15:45 UTC
Thorn en Distel wrote:
I think it's a bit of a legal mess. European privacy law is pretty strict, especially where the privacy of minors is concerned, and I think this might actually be in violation or at the least close to being so. I think a more explicit warning about what exactly you're letting yourself into when you activate that option and give out your API is definitely in order.

But why implement more warnings and disclaimers?

Why not just remove the ability for 3rd party apps to pull mail API data?

Regardless all the opinions and views put forward in this thread from any perspective, I've not seen a single argument put forward as to why having mail API accesible is such a fantastic idea that should be promoted, and is so necessary in EVE unlike 99% of other games.

🍌

Remember... in Anoikis Bob Is Always Watching...

"I been kicked out of better homes than this" - Rick James

Indahmawar Fazmarai
#96 - 2015-02-15 23:23:30 UTC
Thorn en Distel wrote:
I think it's a bit of a legal mess. European privacy law is pretty strict, especially where the privacy of minors is concerned, and I think this might actually be in violation or at the least close to being so. I think a more explicit warning about what exactly you're letting yourself into when you activate that option and give out your API is definitely in order.


Oh, CCP haves that very well covered, as the EULA forbids to share personal data through CCP's services.
John Wolfsson
BAND of MAGNUS
#97 - 2015-02-16 00:22:20 UTC
5 pages and nobody post this ? , http://www.nexusfleet.org/user_files/images/cad-20120625-8bb4c.png .... , In some environments full api with mails , assets, standings ,wallet journals is necessary to corp security ... , and really why you send sensitive or personal data through evemail ?
Kaarous Aldurald
Black Hydra Consortium.
#98 - 2015-02-16 00:25:32 UTC
Thorn en Distel wrote:
I think it's a bit of a legal mess. European privacy law is pretty strict, especially where the privacy of minors is concerned, and I think this might actually be in violation or at the least close to being so. I think a more explicit warning about what exactly you're letting yourself into when you activate that option and give out your API is definitely in order.


It has one already. That's what boggles me the most. How is this even being discussed at all?

"Verily, I have often laughed at the weaklings who thought themselves good because they had no claws."

One of ours, ten of theirs.

Best Meltdown Ever.

Erica Dusette
Division 13
#99 - 2015-02-16 00:34:43 UTC
John Wolfsson wrote:
5 pages and nobody post this ? , http://www.nexusfleet.org/user_files/images/cad-20120625-8bb4c.png .... , In some environments full api with mails , assets, standings ,wallet journals is necessary to corp security ... , and really why you send sensitive or personal data through evemail ?

No it's not.

And in 5 pages it seems you haven't bothered to read the posts which already addresed pretty much every point you just wrote.

Jack Miton > you be nice or you're sleeping on the couch again!

Part-Time Wormhole Pirate Full-Time Supermodel

worмнole dιary + cнaracтer вιoѕвσss

Marsha Mallow
#100 - 2015-02-16 00:35:26 UTC
Mr Epeen wrote:
Here's something to think about.

I sell characters. To transfer a character I need the persons acct name. If I were lazy or clueless and didn't bother deleting all transaction mails, like most that sell characters, and join a corp, they've now got 10 or 15 character names and their associated acct names.

ISD is very quick to delete acct names when some doofus posts one in a CB thread, but apparently CCP is fine with spreading them across New Eden via API grabs.

Don't mail info you don't want people to know, Falcon? How the hell does that work with character transfers where it's a rule to do exactly that? And then rely on the person you gave the info to to have the common sense to delete it.

Mr Epeen Cool

In character trades you request the ISK to the character being sold, so it makes sense to request the account name to be mailed to that character also to provide a clear trail for GMs in case of a dispute later on. In which case the mail is transfered along with the character, and after that point it's for the new owner to ensure their mailbox is clear before sending their full API to anyone. If you're trading characters and requesting the account name is sent to a different alt to the one being sold, or you are forwarding them on for record keeping, one would hope you have the sense not to generate an API for that alt which can be trawled. The character trading system could certainly be improved, and people should be careful about their account name, but the link you're trying to make between API keys and account name security is flimsy at best.

Recruiters who have to do background checks are usually looking for specific flags and skimming multiple accounts, not snapping fingers at 40 blackops employees to sift through your bin and launch a satellite over your house. I'm not keen on groups who demand continuous API access, so I don't play with those neckbeards. You don't have to either. In reality, you should be more concerned about IP monitoring and yakking on across various platforms where you inadvertantly divulge personal info and create a trail which can be used to generate a database of intel. Most corps who ask for a full API key will ask for it once, at the point of recruitment (which you can set to expire). They might ask for a limited one later on to access certain services - some of which is set up for your protection to keep unknowns from joining comms, which you're arguably entitled to demand to protect your privacy.

Personal responsibility or nanny state CCP? I can see why people have an issue with privacy to a degree on this (when I put pants on head and try to think seriously), although it makes me wonder exactly what you think is safely transmittable electronically in the first place? If CCP cull parts of the API to protect players who are breaching their own privacy, we all lose the ability to monitor our characters using 3rd party tools. You can't stop corps and alliances from demanding access to your API without a major policy change (which I'd be in favour of in spirit, but would be diabolically difficult to implement). Even if you protest loudly enough to enact some sort of review of this, CCP still would not be able to guarantee your privacy if you use the client to transmit personal info.

Ripard Teg > For the morons in the room:

Sweets > U can dd my face any day