EVE General Discussion

 
 

Why does a corp want my api?

Lucas Kell
Solitude Trading
S.N.O.T.
#81 - 2016-05-09 15:16:40 UTC
Remember though that removing the API would also remove your ability to use third party applications. But then again I suppose if you're all really this crazy about people spying on you, you don't give out API keys to third party applications either, since they have also been known to harvest information.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.

Yael Capra Nubiana
Pator Tech School
Minmatar Republic
#82 - 2016-05-09 15:19:37 UTC
Gwenaelle de Ardevon wrote:
Tisiphone Dira wrote:
Wallet history is actually one of the first things I look at when reviewing an API I've been given, it's very important.



my wallet ... is mine. Big smile
and no one has to look in! Bear

or can i have a full Api of CEOs or/and Directors.

If they don't trust me, why should i trust them? Pirate

Ugh



Right!

Same for me.
No one has to show my assets, my wallet, my mails, they are mine. POINT
it's a question of principle.

Plexing is pure self en-slavement.

Kieron VonDeux
#83 - 2016-05-09 15:27:29 UTC  |  Edited by: Kieron VonDeux
Yael Capra Nubiana wrote:
Gwenaelle de Ardevon wrote:
Tisiphone Dira wrote:
Wallet history is actually one of the first things I look at when reviewing an API I've been given, it's very important.



my wallet ... is mine. Big smile
and no one has to look in! Bear

or can i have a full Api of CEOs or/and Directors.

If they don't trust me, why should i trust them? Pirate

Ugh



Right!

Same for me.
No one has to show my assets, my wallet, my mails, they are mine. POINT
it's a question of principle.


As well, alt lists are created from API Keys and if that info gets stolen or is traded to others for whatever reason and your enemies get their hands on that they would know your alts, and maybe even track your assets if they get the keys as well.

And if you have an out of corp Orca / Bowhead / Freighter / JF alt you could find yourself compromised very quickly and in need of a new ship.

Personally been on an OP like that myself. Nice KM too :)
Robert Caldera
Caldera Trading and Investment
#84 - 2016-05-09 15:27:31 UTC  |  Edited by: Robert Caldera
Kieron VonDeux wrote:

Only if they made spies far less effective by requiring corp set (adjustable) number of members to agree on something like kicking Corps from Alliance

bs, you don't need to give roles for anyone in your corp, nor do API keys somehow prevent corps from getting kicked from alliance and stuff like that.


Kieron VonDeux wrote:

Otherwise you would be just pushing Corps toward asking for RL information even more.


which won't work anyways, because I don't believe people cba to give anyone in game his RL information.
Kieron VonDeux
#85 - 2016-05-09 15:31:11 UTC
Robert Caldera wrote:
Kieron VonDeux wrote:

Only if they made spies far less effective by requiring corp set (adjustable) number of members to agree on something like kicking Corps from Alliance

bs, you don't need to give roles for anyone in your corp, nor do API keys somehow prevent corps from getting kicked from alliance and stuff like that.


Kieron VonDeux wrote:

Otherwise you would be just pushing Corps toward asking for RL information even more.


which won't work anyways, because I don't believe people cba to give anyone in game his RL information.



You must be in a rather small Corp. You must trust people with roles in larger Corps or people will leave because nothing ever gets done.

Shae Tadaruwa
Science and Trade Institute
Caldari State
#86 - 2016-05-09 15:36:07 UTC
Kieron VonDeux wrote:
Robert Caldera wrote:
Kieron VonDeux wrote:

Only if they made spies far less effective by requiring corp set (adjustable) number of members to agree on something like kicking Corps from Alliance

bs, you don't need to give roles for anyone in your corp, nor do API keys somehow prevent corps from getting kicked from alliance and stuff like that.


Kieron VonDeux wrote:

Otherwise you would be just pushing Corps toward asking for RL information even more.


which won't work anyways, because I don't believe people cba to give anyone in game his RL information.



You must be in a rather small Corp. You must trust people with roles in larger Corps or people will leave because nothing ever gets done.


Not new recruits though, which is what this thread is about.

You are just posting all levels of stupid in this thread.

Dracvlad - "...Your intel is free intel, all you do is pay for it..." && "...If you warp on the same path as a cloaked ship, you'll make a bookmark at exactly the same spot as the cloaky camper..."

Lucas Kell
Solitude Trading
S.N.O.T.
#87 - 2016-05-09 15:36:08 UTC
Kieron VonDeux wrote:
You must be in a rather small Corp. You must trust people with roles in larger Corps or people will leave because nothing ever gets done.
Sure, but if you're in a corp and they're just handing people roles without vetting them, that's worse than simply not giving out roles. And trust works both ways. Why should a corp CEO trust someone with roles if the player won't even trust the CEO with in-game information about their characters.

Kieron VonDeux
#88 - 2016-05-09 15:43:36 UTC  |  Edited by: Kieron VonDeux
Lucas Kell wrote:
Kieron VonDeux wrote:
You must be in a rather small Corp. You must trust people with roles in larger Corps or people will leave because nothing ever gets done.
Sure, but if you're in a corp and they're just handing people roles without vetting them, that's worse than simply not giving out roles. And trust works both ways. Why should a corp CEO trust someone with roles if the player won't even trust the CEO with in-game information about their characters.



Most certainly.

Corps need to screen new players and should never give them roles quickly which has nothing to do with...

Robert Caldera wrote:
bs, you don't need to give roles for anyone in your corp, nor do API keys somehow prevent corps from getting kicked from alliance and stuff like that.




Underlined the important part.

Didn't touch that last part related to APIs trying to prevent spies who later could get roles that could allow them to do bad things.
Vimsy Vortis
Shoulda Checked Local
Break-A-Wish Foundation
#89 - 2016-05-09 15:47:12 UTC
I actually think it's pretty funny when you give people roles who really shouldn't have roles.

Great stuff happens, like someone spending your entire alliance wallet buying far too many rattlesnakes because they don't realize that they're going into market deliveries so they just keep clicking the button over and over for twenty minutes.

You know who you are.
Eli Stan
Center for Advanced Studies
Gallente Federation
#90 - 2016-05-09 15:58:49 UTC
Just about everybody agrees that social engagement and player-player interaction are vital to new player retention. To many people, however, this comes in the form of "join a player corp" type advice yet there are barriers to doing that, such as the API check Pivo mentions, and there are many more ways to be social and engaging than joining a player corp. Which is why I hope something comes of the social-group talk that happened a while ago.
Geronimo McVain
The Scope
Gallente Federation
#91 - 2016-05-09 16:03:11 UTC
Lucas Kell wrote:
Kieron VonDeux wrote:
You must be in a rather small Corp. You must trust people with roles in larger Corps or people will leave because nothing ever gets done.
Sure, but if you're in a corp and they're just handing people roles without vetting them, that's worse than simply not giving out roles. And trust works both ways. Why should a corp CEO trust someone with roles if the player won't even trust the CEO with in-game information about their characters.

He doesn't but will HE give me HIS API? Most likely not. I have no problems if someone checks my wallet but mail is personal information and if someone uses mail and not an open channel there might be a reason for it. If I hand over this information I'm betraying his trust.
If they want to check me, that's okay but constant observation sounds too much like Mittens paranoia. If I give out the API I can still communicate with any 3rd party tool. So you might only get the dumb spies but will miss the really clever ones and those are the dangerous ones.
Kieron VonDeux
#92 - 2016-05-09 16:15:39 UTC
Geronimo McVain wrote:
Lucas Kell wrote:
Kieron VonDeux wrote:
You must be in a rather small Corp. You must trust people with roles in larger Corps or people will leave because nothing ever gets done.
Sure, but if you're in a corp and they're just handing people roles without vetting them, that's worse than simply not giving out roles. And trust works both ways. Why should a corp CEO trust someone with roles if the player won't even trust the CEO with in-game information about their characters.

He doesn't but will HE give me HIS API? Most likely not. I have no problems if someone checks my wallet but mail is personal information and if someone uses mail and not an open channel there might be a reason for it. If I hand over this information I'm betraying his trust.
If they want to check me, that's okay but constant observation sounds too much like Mittens paranoia. If I give out the API I can still communicate with any 3rd party tool. So you might only get the dumb spies but will miss the really clever ones and those are the dangerous ones.



That is one reason I think what CCP has done here is really flawed, but it is better than not having it because how else are Corps going to screen players?



Lucas Kell
Solitude Trading
S.N.O.T.
#93 - 2016-05-09 16:27:00 UTC
Eli Stan wrote:
Just about everybody agrees that social engagement and player-player interaction are vital to new player retention. To many people, however, this comes in the form of "join a player corp" type advice yet there are barriers to doing that, such as the API check Pivo mentions, and there are many more ways to be social and engaging than joining a player corp. Which is why I hope something comes of the social-group talk that happened a while ago.
I guess a lot of us just don't see it as a barrier to entry. I'd be far happier to see more API checks and less hard SP limits. The API really doesn't contain information of value, and the people being so overly protective of it usually do so because they don't understand it. Amusingly most of them are perfectly happy to jam it into third party applications without a second thought though.

Geronimo McVain wrote:
He doesn't but will HE give me HIS API? Most likely not. I have no problems if someone checks my wallet but mail is personal information and if someone uses mail and not an open channel there might be a reason for it. If I hand over this information I'm betraying his trust.
If they want to check me, that's okay but constant observation sounds too much like Mittens paranoia. If I give out the API I can still communicate with any 3rd party tool. So you might only get the dumb spies but will miss the really clever ones and those are the dangerous ones.
I imagine not, since you have no real reason for needing his API beyond wanting to peruse his information. If I were joining a corp and the CEO didn't want my API, that tells me he doesn't want other people's API, and so he may be recruiting people who want to steal from me. By taking an API key he's enforcing a minimum level of effort for those types of pilots, in most cases (because most corporations aren't massive) a level of effort that makes it not worth the potential payout.

Why are you using an in-game mail service for personal information anyway? The security on in-game information isn't as good as it's not covered by data protection laws, which is why people dropping into random private channels or seeing each other's hangars and such when bugs have happened hasn't resulted in massive fines levied. Nothing anyone can fetch through the API should be of any real world significance. That's why CCP's EULA states "Except for certain information in your Account (discussed below), all transmissions by you to the System are not private. You acknowledge and agree that you have no expectation of privacy regarding communications you make in the Game, whether through private in-Game messaging, during chat, or in chat rooms".

Lucas Kell
Solitude Trading
S.N.O.T.
#94 - 2016-05-09 16:31:33 UTC
Kieron VonDeux wrote:
That is one reason I think what CCP has done here is really flawed, but it is better than not having it because how else are Corps going to screen players?
What about it is flawed? You have complete control of who you give information to and what information you give to them, and the ability to revoke those permissions whenever you want. From CCP's perspective they've given the most flexible service they can (and considerably better than the old limited/full keys).

May Arethusa
Junction Systems
#95 - 2016-05-09 16:48:25 UTC
Geronimo McVain wrote:
Lucas Kell wrote:
Kieron VonDeux wrote:
You must be in a rather small Corp. You must trust people with roles in larger Corps or people will leave because nothing ever gets done.
Sure, but if you're in a corp and they're just handing people roles without vetting them, that's worse than simply not giving out roles. And trust works both ways. Why should a corp CEO trust someone with roles if the player won't even trust the CEO with in-game information about their characters.

He doesn't but will HE give me HIS API? Most likely not. I have no problems if someone checks my wallet but mail is personal information and if someone uses mail and not an open channel there might be a reason for it. If I hand over this information I'm betraying his trust.
If they want to check me, that's okay but constant observation sounds too much like Mittens paranoia. If I give out the API I can still communicate with any 3rd party tool. So you might only get the dumb spies but will miss the really clever ones and those are the dangerous ones.


It's less about constant observation, and more about keeping your records up to date. When I was responsible for API checks, I would expect them to be non-expiring. This isn't so I can keep tabs on you, trawling through multiple APIs each day is not something most people enjoy doing. Beyond the initial check, most APIs never get looked at again until a situation arises that requires people to look at them again.

The last time someone tried to steal something from my previous corp, it was easy to narrow down the possible suspects because only a handful of people didn't have valid API keys. A simple request sent out to those people instantly narrowed it down to a single suspect who was hesitant to comply (they were all Directors who had been in their positions longer than I had, so I hadn't asked until it was necessary.) In the end he relented, believing he had sufficiently removed any trace of his crime from his account. It was the glaring lack of data for the time period surrounding the theft that gave it away. The assets were returned, he was publicly shamed, and departed the corp soon after.

The time before that, in another corp, our hapless CEO had rather foolishly granted roles to a member without ensuring the roles were set up correctly, which cost the corp the entirety of its physical assets. Once again, it was one of the few members who had not provided an API key responsible. He refused when asked, and my suspicions were confirmed upon checking the audit logs which showed he had removed his roles moments after the act. Apparently while I was on an extended break, our CEO made the same mistake again.

People are right to question why they should be required to provide this information, but in most situations it is for their own benefit. If you walked into a bank and saw their vault open and stacks of gold bars on display with no security in sight, would you open an account there? I'd hope not, and the same is true of Corp security. Having been the guy checking APIs, I find it somewhat reassuring that someone is at least attempting to keep an eye out for spies, thieves, and awoxers when I apply to a corp.
Chewytowel Haklar
Brutor Tribe
Minmatar Republic
#96 - 2016-05-09 17:47:09 UTC
Meh, I don't really care if they require this as I have nothing to hide really. If they want to waste time looking through my garbage it's fine with me.
Nat Silverguard
Aideron Robotics
Aideron Robotics.
#97 - 2016-05-09 17:54:42 UTC
this is really simple... if the corp you want to join is worth it then give your API, if not, move on. Smile

Just Add Water

Kieron VonDeux
#98 - 2016-05-09 18:16:13 UTC
Lucas Kell wrote:
Kieron VonDeux wrote:
That is one reason I think what CCP has done here is really flawed, but it is better than not having it because how else are Corps going to screen players?
What about it is flawed? You have complete control of who you give information to and what information you give to them, and the ability to revoke those permissions whenever you want. From CCP's perspective they've given the most flexible service they can (and considerably better than the old limited/full keys).


One player getting their API Keys compromised can essentially create a 24 hr active spy in any Corp or Alliance that is unfortunate enough to have him or her in their Corp.

I realize many would think that is a great feature for them to create and utilize but as a member of that group you have no way to counter that other than to tell everyone to regenerate their keys and hope that player is active enough to do so or inactive enough for you to kick.

The Full API provides too much information that can be exploited for the sake of convenience and the damage of one spy can be so great that it really encourages asking for all the information that can be provided when you only really need a limited subset of that.
There are things in the Full API that help your enemies far more than yourself, but so many just ask for a full key.

Now don't get me wrong. I fully support the purpose of the API Key feature, but I think it could be improved.
I do not think it should be trashed by any means.

Granted one could say that if someone is dumb enough to ask for something that shoots them in the foot then they should be free to do so.

I would not put this on the must do list. I think this issue is probably a 2 out of 10 in regards to how bad a flaw it is but I do recognize it's kind of in the spirit of Eve Online.

So in that regard maybe saying it is really flawed might be a bit much but it could be a bit less user dangerous.

The Administration side of me says too easy to screw up, the Eve Player side of me says let them make their own mess.

Shayla Etherodyne
Delta Laroth Industries
#99 - 2016-05-09 18:26:22 UTC
Lucas Kell wrote:
Kieron VonDeux wrote:
You must be in a rather small Corp. You must trust people with roles in larger Corps or people will leave because nothing ever gets done.
Sure, but if you're in a corp and they're just handing people roles without vetting them, that's worse than simply not giving out roles. And trust works both ways. Why should a corp CEO trust someone with roles if the player won't even trust the CEO with in-game information about their characters.


The CEO, the directors, the guy that wrote the corp API key applications, the guys that manage the alliance security ...
You see, it is not 1 person, it is several persons and you don't have any idea who are several of them.
Lucas Kell
Solitude Trading
S.N.O.T.
#100 - 2016-05-09 19:26:18 UTC
Kieron VonDeux wrote:
One player getting their API Keys compromised can essentially create a 24 hr active spy in any Corp or Alliance that is unfortunate enough to have him or her in their Corp.
That's not a flaw, that's a consequence of players being lax in their own responsibility. And at most they'll just be spilling out corp mails, which since you're so precious of your intel will be links to a site with authentication right?

Kieron VonDeux wrote:
The Full API provides too much information that can be exploited for the sake of convenience and the damage of one spy can be so great that it really encourages asking for all the information that can be provided when you only really need a limited subset of that.
The full key still only spills a character's info. I've been playing more than 11 years and I've never run into a problem where someone else's insecure API key has caused problems to me or a corp I've been in.

Kieron VonDeux wrote:
Now don't get me wrong. I fully support the purpose of the API Key feature, but I think it could be improved.
Sure enough, most systems can be improved. What kind of improvements were you thinking?

Shayla Etherodyne wrote:
The CEO, the directors, the guy that wrote the corp API key applications, the guys that manage the alliance security ...
You see, it is not 1 person, it is several persons and you don't have any idea who are several of them.
Depending on what type of structure they have in place, sure, but for a normal corp it would just be the security guys. Again though, I'm still not seeing what the massive problem is with people requesting in-game character information. At the end of the day if you don't want to give out your API info because you feel your data is oh so important, then don't. That doesn't make it a bad thing for corporations to have basic security in place that stops the zero effort awoxers.

And again, how many people that are all super secretive about their API information freely feed it into 3rd party applications? You think the guys running those sites don't use that info for anything else?
