These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

Why does a corp want my api?
Author
Previous Topic Next Topic
Lan Wang
Princess Aiko Hold My Hand
Safety. Net
#121 - 2016-05-12 08:54:32 UTC
private information in a video game hahahahahahahahahahahahahahahahaha

Domination Nephilim - Angel Cartel

Calm down miner. As you pointed out, people think they can get away with stuff they would not in rl... Like for example illegal mining... - Ima Wreckyou*
Gimme Sake
State War Academy
Caldari State
#122 - 2016-05-12 08:58:30 UTC
Lan Wang wrote:
private information on the Internet hahahahahahahahahahahahahahahahaha

"Never not blob!" ~ Plato
Geronimo McVain
The Scope
Gallente Federation
#123 - 2016-05-12 09:09:37 UTC  |  Edited by: Geronimo McVain
Shae Tadaruwa wrote:

19. You may not communicate, post or publicize any subscriber’s personal information within the EVE Online game world or website.[/i]

There are several other relevant clauses, however those 3 are a good summary and you have agreed to acknowledge and accept them all when you signed up to the game.

From those 3 alone:

1. You have no expectation of privacy, including when using in game mail
2. You don't own anything you do in game. CCP owns it all (including the mails your character sends)
3. You agree not to communication any personal information in game

Now, go say those lines because internet lawyering without a law degree and a speciality in the area is bad.
Can you, by any means guarantee, that there are no personal informations in email or otherwise: what are you looking for if NOT for personal informations? And the EULA is between you and CCP and not about making information public outside CCP empolyees.

That the information belongs to CCP is a legal construct so that you don't have any legal issues when they get lost.

And point 3 three more or less is exactly what I'm saying. You email has personal informations about you and the one you communicate with.

Okay, I'm out of it, we have different opinions on privacy. I'm also doubting that CCP intended the email API for this use.
Shae Tadaruwa
Science and Trade Institute
Caldari State
#124 - 2016-05-12 09:17:21 UTC  |  Edited by: Shae Tadaruwa
Geronimo McVain wrote:
what are you looking for if NOT for personal informations?

Character information.

That isn't really that hard to understand is it?

You are confusing your privacy and thinking that a fictional character in a fictional galaxy, 20,000 years into the future, that is owned by CCP, is somehow you. It isn't.

Quote:
And the EULA is between you and CCP and not about making information public outside CCP empolyees.

Maybe just read this one line again:

You acknowledge and agree that you have no expectation of privacy regarding communications you make in the Game, whether through private in-Game messaging, during chat, or in chat rooms.

If you think your in game communications in chat channels and mails are only with CCP, then that's lah lah land.

I can understand you have a view and you want that view to be correct. That's natural.

But when the evidence is clearly there and it's an agreement you have made - that your in game mails don't belong to you, they belong to CCP and that you have no expectation of privacy with anything you do in game; then ignoring that and sticking to your false view is nuts.

There is no expectation of privacy. Zero, zip, nada, less than any. Absolutely 0 expectation of privacy.

You don't own the mails your character sends and my views on privacy are quite normal - I view privacy as extremely important - which is why to begin with, I don't communicate anything personal in the game (just as the TOS outlines).

Dracvlad - "...Your intel is free intel, all you do is pay for it..." && "...If you warp on the same path as a cloaked ship, you'll make a bookmark at exactly the same spot as the cloaky camper..."
Gully Alex Foyle
The Scope
Gallente Federation
#125 - 2016-05-12 09:50:06 UTC
Geronimo McVain wrote:
Let's just state that some people have different ideas how much pixel personal information someone else is entitled to sift through just for entering a pixel corp.
FTFY and that sums up the whole point.

Corps want to know Geronimo McVain's personal information, not the RL dude's (except Goons, obviously).

The main reason is that, in the virtual world where Geronimo McVain exists, there are no laws, no government, no police, no democracy, etc. etc. It's a virtual ruthless place where virtual civil rights have no reason to exist because they would easily endanger every virtual person's virtual assets, the outcome of virtual wars, etc. etc.

Make space glamorous! Is EVE dying or not? Ask the EVE-O Death-o-meter!
Lucas Kell
Solitude Trading
S.N.O.T.
#126 - 2016-05-12 09:55:12 UTC
Geronimo McVain wrote:
And I doubt that most spies will enter a company just to rob it. The amount of work to get into a position where he can do real harm is just crazy and nobody can guarantee that he will ever get into such a position.
If there's lax security, they definitely will. Hell I have trade alts who join bad corps with no API checks and steal stuff, just because it's easy and low risk. Just by having to provide the API, it suddenly makes it harder, and when having to provide a full API all of a sudden the effort to infiltrate the corp grows to the point that in most cases it's not worth it. Having to build an alt with no affiliation to your opther character, and no transferred assets on a clean account is a big task. That's why just having the full API checks in place remove most attempts to awox.

Geronimo McVain wrote:
But that doesn't change the point that searching email is way to invasiv just for entering some virtual pixel corp, IMHO.
If it were email, sure it would be invasive, but it's not, it's in game communications and they are categorically not private as Sha has indicated above by providing quotes from the EULA.

Geronimo McVain wrote:
Let's just state that some people have different ideas how much personal information someone else is entitled to sift through just for entering a pixel corp.
People are entitled to sift through as much or as little information as they want. By running a corporation they have complete control over what requirements they have in place on recruitment. You not wanting to part with your precious evemail data doesn't stop them being entitled to do whatever they want when recruiting players. Just don't join corps that ask for if you don't like it. That's a choice you are entitled to.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
Lan Wang
Princess Aiko Hold My Hand
Safety. Net
#127 - 2016-05-12 10:09:48 UTC
^^ this. dont join the corp if you dont like giving out api, just dont expect to join a decent corp if you think the api is a an invasion of privacy

Domination Nephilim - Angel Cartel

Calm down miner. As you pointed out, people think they can get away with stuff they would not in rl... Like for example illegal mining... - Ima Wreckyou*
Kieron VonDeux
#128 - 2016-05-12 11:19:29 UTC
Lan Wang wrote:
private information in a video game hahahahahahahahahahahahahahahahaha



There is a difference between truly private information which doesn't exist within this game and personal Character information, that CCP still calls "private", which is everything about the character that isn't already considered "public" within the API Key feature.

There are aspects about the personal information of a Character which some players don't want to give out regardless of how cool the prospective Corp they want to join is.

I would prefer that my Corp doesn't know my out of corp JF / Freighter / Bowhead alt's name so they can keep it on a list that can be stolen by our enemies. The combination of skills, assets, and of course name allows for this to be gleaned.

There is a lot of information my Corp really doesn't "need" to know that is more usable for our enemies.

A limited key with very specific information can do 90% of what a Corp wants and would only be 10% as helpful to our enemies if compromised.

That is why it so careless, silly, and as someone before mentioned, security "theatre".
"oh they want a FULL KEY, they must have their act really together", yeah right.

More like they are doing most of the SPAI's job for them.

But I forgot that those really security tough orgs never get spies in them. You know, because a full key will always catch the best and most dangerous spies. Roll
Lan Wang
Princess Aiko Hold My Hand
Safety. Net
#129 - 2016-05-12 12:25:28 UTC
i guess asking for a full key isnt a security feature as such, it may just be a way to root out awkward people Roll

Cant keep your bowhead pilot on a list?, you know thats a pretty terrible idea, you would be shot on sight from most for not having your alts blue and that would be your own fault.

a full key wont catch the best spais just like a car alarm wont stop the best car thieves, but it does help

its pretty simple though don't submit your full api then go find another corp who can fit your api requirements better.

Ps. we ask people to delete api's after joining because its not just risk to yourself it risks the whole alliance

Domination Nephilim - Angel Cartel

Calm down miner. As you pointed out, people think they can get away with stuff they would not in rl... Like for example illegal mining... - Ima Wreckyou*
Kieron VonDeux
#130 - 2016-05-12 12:53:03 UTC
Lan Wang wrote:


Ps. we ask people to delete api's after joining because its not just risk to yourself it risks the whole alliance


That is a great policy which I wish others would follow. Full api to screen but limited non expiry to auto check for 3rd party site and comms access. But so many ask for full non expiry that you can't delete while in Corp which creates a lot of risk.

As far as Bowhead being blown up by your own, yeah, that would depend on your organization's Hi Sec activities in which case there is a risk if you don't share the pilots name.
Lucas Kell
Solitude Trading
S.N.O.T.
#131 - 2016-05-12 13:14:41 UTC
Kieron VonDeux wrote:
That is a great policy which I wish others would follow. Full api to screen but limited non expiry to auto check for 3rd party site and comms access. But so many ask for full non expiry that you can't delete while in Corp which creates a lot of risk.
It doesn't create "a lot" of risk, in most cases it creates no additional risk. Remember that people go handing out full API keys all the time anyway for 3rd party applications, so it really doesn't matter whether you get your corpmembers to only use a limited key or not. And someone getting a single full key from anyone in your corp (including a spy account) has just as much information on that corp as they will get for having everyone's keys. The only thing giving out limited keys prevents is access to individual characters data, which is at best irrelevant to other corp members from security point of view. But on the other hand holding full keys allows continuous monitoring, so spies and awoxers have to keep up the same level of effort in separating their accounts going forward, making it more of a challenge to maintain the account.

At the end of the day, the only reason corp security benefits from not using full keys is if the corp security policies suck. Again though, it's down to the individual corp to decide how they want to run their security. Whether they want no keys, limited keys of full keys is entirely up to them. Personally I'll only join if they want full keys (or I'm joining with the intention of stealing assets or intel, in which case limited or no keys are softer targets).

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
Kieron VonDeux
#132 - 2016-05-12 13:46:54 UTC
Lucas Kell wrote:
Kieron VonDeux wrote:
That is a great policy which I wish others would follow. Full api to screen but limited non expiry to auto check for 3rd party site and comms access. But so many ask for full non expiry that you can't delete while in Corp which creates a lot of risk.
It doesn't create "a lot" of risk, in most cases it creates no additional risk. Remember that people go handing out full API keys all the time anyway for 3rd party applications, so it really doesn't matter whether you get your corpmembers to only use a limited key or not. And someone getting a single full key from anyone in your corp (including a spy account) has just as much information on that corp as they will get for having everyone's keys. The only thing giving out limited keys prevents is access to individual characters data, which is at best irrelevant to other corp members from security point of view. But on the other hand holding full keys allows continuous monitoring, so spies and awoxers have to keep up the same level of effort in separating their accounts going forward, making it more of a challenge to maintain the account.

At the end of the day, the only reason corp security benefits from not using full keys is if the corp security policies suck. Again though, it's down to the individual corp to decide how they want to run their security. Whether they want no keys, limited keys of full keys is entirely up to them. Personally I'll only join if they want full keys (or I'm joining with the intention of stealing assets or intel, in which case limited or no keys are softer targets).


As a spy, I would rather join a Corp that requires and maintains full keys for all or most of their members because it will make my job a lot easier.

After a bit of social engineering and climbing the ranks, I could keep real time tracking of all assets in order to determine when a Corp is and when it isn't a threat to my parent Corp. I could keep more accurate idea of when a deployed Corp has enough assets to counter my parent Corp in any give system and when certain players online would tip the balance of any given fight due to the ships they have in their local hanger and which doctrines would be optimal or useless depending on ships available in combination of skills of the online pilots.

Little edges like that can decide a battle before it even starts, and it isn't about the stealing of the assets, its about stealing the information of what assets are where and who is available to fly them. That kind of spy pays off for years instead of just for the chance of the big steal. And Corps that maintain that complete information on all their characters are a huge benefit to get a spy in just for those reasons alone.

Information is often more valuable to a battle than the equipment used in that battle. And it can help in knowing when to fight and when to stand down in any given situation. Blue balling enemy can be just as effective as beating them in a battle.
Lucas Kell
Solitude Trading
S.N.O.T.
#133 - 2016-05-12 15:33:44 UTC
Kieron VonDeux wrote:
As a spy, I would rather join a Corp that requires and maintains full keys for all or most of their members because it will make my job a lot easier.

After a bit of social engineering and climbing the ranks, I could keep real time tracking of all assets in order to determine when a Corp is and when it isn't a threat to my parent Corp. I could keep more accurate idea of when a deployed Corp has enough assets to counter my parent Corp in any give system and when certain players online would tip the balance of any given fight due to the ships they have in their local hanger and which doctrines would be optimal or useless depending on ships available in combination of skills of the online pilots.

Little edges like that can decide a battle before it even starts, and it isn't about the stealing of the assets, its about stealing the information of what assets are where and who is available to fly them. That kind of spy pays off for years instead of just for the chance of the big steal. And Corps that maintain that complete information on all their characters are a huge benefit to get a spy in just for those reasons alone.

Information is often more valuable to a battle than the equipment used in that battle. And it can help in knowing when to fight and when to stand down in any given situation. Blue balling enemy can be just as effective as beating them in a battle.
Except of course if you were able to raise to a high enough rank that you gained access to all of the API details held by the corp, you would undoubtedly be in a position to cripple the corp anyway and would already know the capability of the corp. Seeing individual members assets doesn't help with that.

The type of information you're talking about obtaining doesn't require the API since you can get most of that as a newbie line member simply by talking to members about fits for a bit. If you manage to get to the rank of a director level spy in the corporation, what type of API keys they hold is completely irrelevant (though a limited API key would be likely to show character sheet anyway), since API or not it will be part of your role to know what the corporations capabilities are, so you'll have access to that information.

I know you'll run with the "my main I keep hidden for :opsec: is a secret spymaster", but it's blindingly obvious you have no idea what you are talking about.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
Kieron VonDeux
#134 - 2016-05-12 16:30:49 UTC  |  Edited by: Kieron VonDeux
Lucas Kell wrote:

I know you'll run with the "my main I keep hidden for :opsec: is a secret spymaster", but it's blindingly obvious you have no idea what you are talking about.


I can't believe how easy you could call me on that. No really.

Being able to in real time track specific member assets down to which modules they have fitted and what they have brought with them to specific stations is tactically far greater detail than any general idea that any senior leadership will know without doing the same asset analysis. You would be better informed than any FC as to what he can get before he gets it based upon who is online and what they have brought to any specific station.

And having a compromised enemy that you can know is also frequently better than out right temporarily crippling them risking exposing yourself. The exact circumstance dictates which would be better though.

I realize I can't convince the great Lucas Kell of the value of that type of information but many do find it useful. Its just sad that many Corps allow spies to get, or risk getting, such detailed information in the name of their own security.
Lucas Kell
Solitude Trading
S.N.O.T.
#135 - 2016-05-12 17:01:53 UTC  |  Edited by: Lucas Kell
Kieron VonDeux wrote:
Being able to in real time track specific member assets down to which modules they have fitted and what they have brought with them to specific stations is tactically far greater detail than any general idea that any senior leadership will know without doing the same asset analysis. You would be better informed than any FC as to what he can get before he gets it based upon who is online and what they have brought to any specific station.
Except it doesn't since you have no way of knowing what is a corporation level asset and what is not. You can make wild assumptions but until the fleet actually forms you can't really see what will be used and what won't.

Kieron VonDeux wrote:
And having a compromised enemy that you can know is also frequently better than out right temporarily crippling them risking exposing yourself. The exact circumstance dictates which would be better though.
Sure, depending on the enemy, but I guarantee if you are a director level spy the individual player API keys are really not that useful to you compared to the information you gain from your position. Plus running off and fetching the APIs would pretty rapidly show up to anyone checking out their API logs potentially exposing you anyway.

In addition, you claim that you'd be able to pull all this useful information, yet you overlook that if you think the information is so useful for making tactical decisions, then surely by the corp not holding the API and thus not having that information, the legitimate directors would not be able to make tactical decisions themselves. You can't have it both ways, the information can't be useless enough to the real directorate that they shouldn't hold API keys, but important enough to a spy that even with director level access they would turn the tide of a war.

Kieron VonDeux wrote:
I realize I can't convince the great Lucas Kell of the value of that type of information but many do find it useful. Its just sad that many Corps allow spies to get, or risk getting, such detailed information in the name of their own security.
I am pretty great huh? I'm convinced of the value of information to the corporation itself, I'm just not convinced of your idea that holding full API keys exposes a corporation to an extreme amount of risk.

Effectively what you are saying here is that while you think this information is vitally useful, corporations should not hold keys to this information (and thus cripple their own internal intel) because in the off chance they recruit a director level spy the enemy might be able to use the information to pick and choose when to blueball you, something any FC level spy could do anyway.

Ed: Oh and yes, I call you out on that pretty easily since it speaks to what type of player you are. People that can't even voice an opinion without hiding behind an alt usually aren't the type of people who's opinions can be taken that seriously.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
Shayla Etherodyne
Delta Laroth Industries
#136 - 2016-05-12 17:37:13 UTC
Lucas Kell wrote:
Kieron VonDeux wrote:
That is a great policy which I wish others would follow. Full api to screen but limited non expiry to auto check for 3rd party site and comms access. But so many ask for full non expiry that you can't delete while in Corp which creates a lot of risk.
It doesn't create "a lot" of risk, in most cases it creates no additional risk. Remember that people go handing out full API keys all the time anyway for 3rd party applications, so it really doesn't matter whether you get your corpmembers to only use a limited key or not. And someone getting a single full key from anyone in your corp (including a spy account) has just as much information on that corp as they will get for having everyone's keys. The only thing giving out limited keys prevents is access to individual characters data, which is at best irrelevant to other corp members from security point of view. But on the other hand holding full keys allows continuous monitoring, so spies and awoxers have to keep up the same level of effort in separating their accounts going forward, making it more of a challenge to maintain the account.

At the end of the day, the only reason corp security benefits from not using full keys is if the corp security policies suck. Again though, it's down to the individual corp to decide how they want to run their security. Whether they want no keys, limited keys of full keys is entirely up to them. Personally I'll only join if they want full keys (or I'm joining with the intention of stealing assets or intel, in which case limited or no keys are softer targets).



You give out full keys left and right to third party applications. I give out limited keys with only what I am willing to share.
Kieron VonDeux
#137 - 2016-05-12 17:40:41 UTC
Lucas Kell wrote:

Effectively what you are saying here is that while you think this information is vitally useful, corporations should not hold keys to this information (and thus cripple their own internal intel) because in the off chance they recruit a director level spy the enemy might be able to use the information to pick and choose when to blueball you, something any FC level spy could do anyway.

Ed: Oh and yes, I call you out on that pretty easily since it speaks to what type of player you are. People that can't even voice an opinion without hiding behind an alt usually aren't the type of people who's opinions can be taken that seriously.



Actually the information isn't absolutely vital but does frequently give you a tactical advantage when you do know. As I mentioned, its a little edge you can get at times.

And It would not cripple a Corp's counter intelligence operations by not continuously tracking its member's asset information, but it could help your enemies to know that information. There are like a half dozen things that are useless for a Corp to track with a Full API, but it sounds really cool to demand one.

And as why for the alt; yeah, political reasons to be sure. Too outspoken at times, something about causing issues with allies.
Well since then I've always used an alt so I don't have to deal the that political BS.
Lucas Kell
Solitude Trading
S.N.O.T.
#138 - 2016-05-12 18:28:46 UTC
Shayla Etherodyne wrote:
You give out full keys left and right to third party applications. I give out limited keys with only what I am willing to share.
Most players give out keys with most of their info on them. They think that programs like eve-mon have never and will never communicate data with the owners. Hell, loads of people jam their keys into sites like jacknife when we know full well that the players behind them harvest that data.

Kieron VonDeux wrote:
Actually the information isn't absolutely vital but does frequently give you a tactical advantage when you do know. As I mentioned, its a little edge you can get at times.
So why does it only give an advantage to the enemy? Why do you think a corp know it's own members capabilities precisely wouldn't be of help?

Kieron VonDeux wrote:
And It would not cripple a Corp's counter intelligence operations by not continuously tracking its member's asset information, but it could help your enemies to know that information. There are like a half dozen things that are useless for a Corp to track with a Full API, but it sounds really cool to demand one.
It's not that it sounds cool at all, it's that people that actually know what they are looking for can use full API keys to great advantage when running a corp. Automated monitoring and member tracking can be incredibly useful, and for the most part the likelihood of getting a director level spy that would actually benefit from API harvesting is effectively nil. For the most part if you just assume everyone else has all the info you have access to, there's no real benefit to them taking the API anyway. It's far riskier to think they don't have access to that info because you don't keep keys then find out they've sourced it through other methods when it bites you in the backside. I mean hell, a director level spy can just sit in a station looking at people's hangars, they don't need an API for that.

Kieron VonDeux wrote:
And as why for the alt; yeah, political reasons to be sure. Too outspoken at times, something about causing issues with allies.
Well since then I've always used an alt so I don't have to deal the that political BS.
In other words you aren't confident enough in your own opinions to stand by them, so you use an alt so you have an easy out. I'm outspoken, I've most certainly had issues with allies, hell I get dropped from miniluv and threatened with my membership of the Imperium over my opinions and still they didn't change. Have some spine man.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
Kieron VonDeux
#139 - 2016-05-12 18:51:42 UTC
Lucas Kell wrote:
In other words you aren't confident enough in your own opinions to stand by them, so you use an alt so you have an easy out. I'm outspoken, I've most certainly had issues with allies, hell I get dropped from miniluv and threatened with my membership of the Imperium over my opinions and still they didn't change. Have some spine man.



No that's not it at all. You can try and push buttons with insults as you like. The post with your main or you are irrelevant is frequently a desperate attempt to gain more things to use against a poster when simply countering what they say falters.

As I learn more and more about how and why your Corp uses Full APIs its starting to sound more like scary tracking online than players having fun in a game, but to each their own.

Have fun with that.
Lucas Kell
Solitude Trading
S.N.O.T.
#140 - 2016-05-12 19:02:21 UTC
Kieron VonDeux wrote:
No that's not it at all. You can try and push buttons with insults as you like. The post with your main or you are irrelevant is frequently a desperate attempt to gain more things to use against a poster when simply countering what they say falters.
I'm sorry if you took it as an insult, that's not how it was intended, it's just a simple fact. If you are in a position where you feel you have to hold your opinion anonymously then you can't really claim to have that much faith in them, and in turn other players won't either.

Kieron VonDeux wrote:
As I learn more and more about how and why your Corp uses Full APIs its starting to sound more like scary tracking online than players having fun in a game, but to each their own.
Yeah, it's super scary to have what effectively boils down to an online version of EVEmon so my alliance knows what ships to supply me with and how to best structure their fleets. It's also super scary to know that awoxers need to jump through so many hoops to be of any significant risk to me.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.