These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
Previous page123Next page
 

Corporate security checks

Author
Sykaotic
Doomheim
#21 - 2015-04-06 10:47:14 UTC  |  Edited by: Sykaotic
Marech Bhayanaka wrote:
Lots of interesting responses above. Thank you all!

One more question ... I came across one otherwise attractive looking corp that specifies they want a non-expiring API key. I believe this would give them ongoing access to my email. I don't plan any shenanigans, but this seemed a bit creepy.

Is this a commonly accepted practice?

Marech.


When I played 5 years ago.... it was extremely rare to see a corp ad for "Full Api", but durring the last 2 years or so it seems to have snowballed into many wanting full api.

This is more of a monkey see monkey do mind set.

With that said, now some corps are starting to require a "non-expiring API key" an while this may be * justifiable* for those with corporate roles, it is 100% tottaly rediculous for for an average "corpie".

As a matter of fact, I recommend that you do not give out a "non-expiring API key" and be just as cautious as the corps are in which of them you share your info with.

I say this as the real mechanic of the api check is like a background check in a job, or a drug test in that if you are dirty you won't attempt to apply and saves corp leaders from headaces.

But..... on the other side of the coin the information gained from you through an api check could be used in a nefarious way at some time.... against you.

So, do study the corp very well first before you even begin to consider giving out your api. Are they trustworthy to have your data? It should be the absolute last thing you do i.e. give out your api when you are considering corps... it goes both ways.

GL
War Kitten
Panda McLegion
#22 - 2015-04-06 10:53:55 UTC
Pok Nibin wrote:
Vyl Vit wrote:
The way you know if you can trust somebody is by trusting them.

With majority rule, the majority dictates the form things take. Since those who excel are always in the minority, their vision never prevails. Rather, you have the tyranny of the mediocre in a democracy. The progeny of democracy comprise this player base, so guess what...

There are those who are convinced they must "investigate" someone "to be sure." One thing these folks are for sure about is, they're not very bright and couldn't really tell you whom you can trust and whom you can't, so they pretend procedure (they can't really explain to you) takes out the "human" element. By "human" we're supposed to believe "prone to fail."

The way you find out who you can trust is by trusting them. If they prove themselves trustworthy, then they are. If not, then not. This "investigation" has more to do with the ignorance of those claiming to use it than it does with any player's behavior. I run spies. That's what I do. (Obviously, not on this toon.) Gaining trust is how it's done. Nothing appearing in any so-called "investigation" of any EVE data reveals anything useful, but as long as who I am duping is looking there, they aren't looking where they should be, so further....this way of thinking makes one vulnerable to spies who know their business.

Play your game the way you see fit. Don't bend to the truisms and "wisdom" of so-called veteran players. Realize, there are hundreds of very experienced management-level players who understand well how all of this is done. You may not look "trustworthy" to one of those idiots mentioned above, but if you play a good game, train well, and are honest, the ones who do know will know and that's all you really need.

Enjoy the game. Ignore ignorance.
This is very well written. It's worth the read for that alone. The truth in it is profound, though, making it +2. You de man. Now, see how many ignore it and your point is proved by reality itself, as it should be.


Agreeing with yourself - classy.

API checks are good for weeding out bad spies. They don't indicate trustworthiness, nor do they catch everything. But they catch some things - and if a corp doesn't at least perform this basic scrutiny, can YOU really trust THEM?

I don't judge people by their race, religion, color, size, age, gender, or ethnicity. I judge them by their grammar, spelling, syntax, punctuation, clarity of expression, and logical consistency.

Nors Phlebas Sabelhpsron
The Red Circle Inc.
Ministry of Inappropriate Footwork
#23 - 2015-04-06 11:41:05 UTC  |  Edited by: Nors Phlebas Sabelhpsron
Marech Bhayanaka wrote:
Lots of interesting responses above. Thank you all!

One more question ... I came across one otherwise attractive looking corp that specifies they want a non-expiring API key. I believe this would give them ongoing access to my email. I don't plan any shenanigans, but this seemed a bit creepy.

Is this a commonly accepted practice?

Marech.


Fairly, yes. Just because you made it past the recruitment phase doesn't mean anyone necessarily trusts you too much yet. You'll find most serious corps will demand a full, no-expiry API these days. I strongly recommend you don't do as Epeen suggests and change your API key to get around this; I certainly check to see if applicants I have accepted have done this and if any do they'll be getting an immediate punt, I imagine other corp recruitment teams do the same thing.

Scipio's advice is tops - don't try to hide anything in your API if you're applying to a corp with honest intentions. Anyone who finds your past objectionable is not for you anyway, so sod them. The guys closest to your playstyle, who'll want to fly with you, will be the ones who find the things in your past to be an asset.

EDIT: Also, deleting mails could go both ways - anyone who did that better have a VERY good story about it if they want to get through the RO's now heightened paranoia, but people generally recognise that there are legit reasons for doing this, so if you have good reason then do it and explain but if your reasoning is just "b-b-b-but they're MY mails" then I'd leave them intact.
Don Purple
Snuggle Society
Test Alliance Please Ignore
#24 - 2015-04-07 09:05:10 UTC
Just always be honest :D
If you get rejected because you are telling the truth then you probably don't want to fly with them anyways.

Been in a few corps now even when they know I am a spy/awoxer/corp thief.
Had a blast with a lot of good people even met some of them IRL.

I am just here to snuggle and do spy stuff.

Eve Solecist
Shitt Outta Luck - GANKING4GOOD
#25 - 2015-04-07 09:20:17 UTC
If a corp demands your full API then tell them to sod off and go find a better corp.

They are idiots for believing it will do them any good.

API keys make it easy to completely screw you over
with just ONE single mail that makes you look like an awoxer.

Full API keys prevent nothing and no one has a right to sniff through your private convos.

Tell them to feck off.
  • All incoming connection attempts are being blocked. If you want to speak to me you will find me either in Hek local, you can create a contract or make a thread about it in General Discussions. I will call you back. -
Aralyn Cormallen
Deep Core Mining Inc.
Caldari State
#26 - 2015-04-07 09:22:24 UTC  |  Edited by: Aralyn Cormallen
Marech Bhayanaka wrote:
I've been reading recruitment threads recently, and of course many of them mention security checks, which makes sense in a game full of spies and betrayals. But today I thought about it a bit and realized I have no idea what the checkers are looking before, beyond the obvious "Did he work for the enemy."

Are there things I (and others) should avoid doing because they would make it harder to find a corp in the future?

Marech.


I have recruited a couple of people in to the game, and one thing I have told them to absolutely not do is mail me via the in-game system, add me as a positive contact, or send me anything (a couple of times I have lent them money, but done it strictly through a neutral alt) as these are all things that will show up in an API check, and anyone recruiting them will probably **** a brick if they saw a Goon as a positive contact. It is something that can be easily explained away with a good corp, but a lot would immediately reject without the chance to explain, assuming the person was just a really stupid spy alt.
Lan Wang
Princess Aiko Hold My Hand
Safety. Net
#27 - 2015-04-07 09:23:11 UTC
Hengle Teron wrote:
The first thing to check is probably if and who's alt are you.

You can see it by the source of the income of the applicant.


how can that prove anything?

Domination Nephilim - Angel Cartel

Calm down miner. As you pointed out, people think they can get away with stuff they would not in rl... Like for example illegal mining... - Ima Wreckyou*

Eve Solecist
Shitt Outta Luck - GANKING4GOOD
#28 - 2015-04-07 09:26:16 UTC
Lan Wang wrote:
Hengle Teron wrote:
The first thing to check is probably if and who's alt are you.

You can see it by the source of the income of the applicant.


how can that prove anything?

Assume you made a new char and stupidly send money to it.
  • All incoming connection attempts are being blocked. If you want to speak to me you will find me either in Hek local, you can create a contract or make a thread about it in General Discussions. I will call you back. -
Aralyn Cormallen
Deep Core Mining Inc.
Caldari State
#29 - 2015-04-07 09:29:41 UTC  |  Edited by: Aralyn Cormallen
Marech Bhayanaka wrote:
Lots of interesting responses above. Thank you all!

One more question ... I came across one otherwise attractive looking corp that specifies they want a non-expiring API key. I believe this would give them ongoing access to my email. I don't plan any shenanigans, but this seemed a bit creepy.

Is this a commonly accepted practice?

Marech.

There can be valid reasons for this - with larger organisations, rather than manually removing members from services once they leave, there might be automated systems in place to periodically check that every registered forum/comms account is linked to a valid API showing a character as an alliance/corp member (and if one isn't found, immediately auto-banning the account). If in doubt, ask, most wont mind you querying the purpose of the API.
Ioci
Bad Girl Posse
#30 - 2015-04-07 19:32:15 UTC
Don Purple wrote:
Just always be honest :D
If you get rejected because you are telling the truth then you probably don't want to fly with them anyways.

Been in a few corps now even when they know I am a spy/awoxer/corp thief.
Had a blast with a lot of good people even met some of them IRL.


This in a round about way.

There is no limit on the amount of accounts someone can have. API checks are useless and they always have been. The closest thing to true security checks are in requirements to have you register with something like Team Speak, It's much more difficult to BS people for long periods of time when they become actual people in a teamspeak environment.

My name is Edwin, I live in Toronto, Canada.

R.I.P. Vile Rat

Mr Epeen
It's All About Me
#31 - 2015-04-07 19:38:07 UTC
Ioci wrote:
Don Purple wrote:
Just always be honest :D
If you get rejected because you are telling the truth then you probably don't want to fly with them anyways.

Been in a few corps now even when they know I am a spy/awoxer/corp thief.
Had a blast with a lot of good people even met some of them IRL.


This in a round about way.

There is no limit on the amount of accounts someone can have. API checks are useless and they always have been. The closest thing to true security checks are in requirements to have you register with something like Team Speak, It's much more difficult to BS people for long periods of time when they become actual people in a teamspeak environment.

My name is Edwin, I live in Toronto, Canada.


My name is John Travolta. I live in Xanadu.

Mr Epeen Cool
Ioci
Bad Girl Posse
#32 - 2015-04-07 19:45:26 UTC
Mr Epeen wrote:
Ioci wrote:
Don Purple wrote:
Just always be honest :D
If you get rejected because you are telling the truth then you probably don't want to fly with them anyways.

Been in a few corps now even when they know I am a spy/awoxer/corp thief.
Had a blast with a lot of good people even met some of them IRL.


This in a round about way.

There is no limit on the amount of accounts someone can have. API checks are useless and they always have been. The closest thing to true security checks are in requirements to have you register with something like Team Speak, It's much more difficult to BS people for long periods of time when they become actual people in a teamspeak environment.

My name is Edwin, I live in Toronto, Canada.


My name is John Travolta. I live in Xanadu.

Mr Epeen Cool


Obvious example is obvious but could you keep that up for months on Vent or TS?

R.I.P. Vile Rat

Mr Epeen
It's All About Me
#33 - 2015-04-07 19:50:21 UTC
Ioci wrote:


Obvious example is obvious but could you keep that up for months on Vent or TS?


I have kept up false identities for years in other games. Games that require a much closer bond on TS than this one.

It's not that hard. Keep it simple and keep a post-it on the monitor with some reminders of who you are supposed to be and what you do in life.

Mr Epeen Cool
Xpaulusx
Naari LLC
#34 - 2015-04-07 19:50:44 UTC
Mr Epeen wrote:
Delete everything in your mail folder before applying.

Other than that, let them have their fun and then change your API key.

Mr Epeen Cool

Actually the last thing you should do, a good Sec Officer will tell you to take a hike.

......................................................

Ioci
Bad Girl Posse
#35 - 2015-04-07 21:22:18 UTC
Mr Epeen wrote:
Ioci wrote:


Obvious example is obvious but could you keep that up for months on Vent or TS?


I have kept up false identities for years in other games. Games that require a much closer bond on TS than this one.

It's not that hard. Keep it simple and keep a post-it on the monitor with some reminders of who you are supposed to be and what you do in life.

Mr Epeen Cool


I don't doubt it but that level of human forgery is on a scale most will never bother with. You are either in the military and training in super spy rubbish or have a genuine desire to be a sociopath or something along those lines. Most come to EVE to play internet spaceships and build fake empires.

So as not to slide off the rails too far, API is pointless and making contact with the person in command of the account is the best you can do in terms of security. Because the internet is still a giant texting machine in most respects you do need to take leaps of faith here and there but yea, many EVE corps over do themselves.

I'm in a one man alliance. My security? You aint getting in. Sorry.

R.I.P. Vile Rat

Avaelica Kuershin
Paper Cats
#36 - 2015-04-07 21:35:16 UTC
Ioci wrote:


I don't doubt it but that level of human forgery is on a scale most will never bother with. You are either in the military and training in super spy rubbish or have a genuine desire to be a sociopath or something along those lines. Most come to EVE to play internet spaceships and build fake empires..


How about playing internet spaceship spies? Perhaps I've read too much Le Carre and want to try my hand at espionage (not on this character obviously)
Don Purple
Snuggle Society
Test Alliance Please Ignore
#37 - 2015-04-08 05:55:59 UTC
Mr Epeen wrote:
Ioci wrote:
Don Purple wrote:
Just always be honest :D
If you get rejected because you are telling the truth then you probably don't want to fly with them anyways.

Been in a few corps now even when they know I am a spy/awoxer/corp thief.
Had a blast with a lot of good people even met some of them IRL.


This in a round about way.

There is no limit on the amount of accounts someone can have. API checks are useless and they always have been. The closest thing to true security checks are in requirements to have you register with something like Team Speak, It's much more difficult to BS people for long periods of time when they become actual people in a teamspeak environment.

My name is Edwin, I live in Toronto, Canada.


My name is John Travolta. I live in Xanadu.

Mr Epeen Cool


My mane is john, arthur, alex, theodore, don, wolf, johny, jon, etc.
Columbus Ohio. :D

Ive been most of those names for months or years with certain folks.

Worked a 4 month job on a irl friend cause he bet me I couldn't do it.
I was on his ts3 every day for months. :D

I am just here to snuggle and do spy stuff.

Eve Solecist
Shitt Outta Luck - GANKING4GOOD
#38 - 2015-04-08 08:58:16 UTC  |  Edited by: Eve Solecist
Don is a monster.
I'm not kidding.
Not as bad as all the sociopathic carebears though.

He is weak against people who are victim types,
like his ******** friend Crispy.

Avoid him unless you want to hire him.

This man has gigantic snakes and wrestles them!
I ******* kid you not!

And he will lure you into it with baby pictures of his daughter!

She's adorable!
  • All incoming connection attempts are being blocked. If you want to speak to me you will find me either in Hek local, you can create a contract or make a thread about it in General Discussions. I will call you back. -
Glathull
Warlock Assassins
#39 - 2015-04-09 01:50:49 UTC
Dots wrote:

Unless you are training to be a spy, I would suggest you don't deal in deception at all. Life is just simpler that way.



You say that, but you haven't told us what you're hiding underneath those dots . . . .

I honestly feel like I just read fifty shades of dumb. --CCP Falcon

Don Purple
Snuggle Society
Test Alliance Please Ignore
#40 - 2015-04-09 11:07:09 UTC  |  Edited by: Don Purple
Eve Solecist wrote:
Don is a monster.
I'm not kidding.
Not as bad as all the sociopathic carebears though.

He is weak against people who are victim types,
like his ******** friend Crispy.

Avoid him unless you want to hire him.

This man has gigantic snakes and wrestles them!
I ******* kid you not!

And he will lure you into it with baby pictures of his daughter!

She's adorable!


Sol has me pegged xD
<3 Solecist Forever
Sebastian is almost 7 feet now 8in wide in the middle

Walters still about 14ft and 30lbs
Oh and piper is 40lbs and huge she can now say pewpewpew and MINE.
http://imgur.com/MDS0yNi [ :D]

I am just here to snuggle and do spy stuff.

Previous page123Next page