During my last blog post I stated that I was looking for a corp. The crux, I wasn't going to provide my API key. Many of you thought I was just being a pain in the ass, which in most situations is totally true. Honestly though, I really wanted to know what people were looking for when they asked for one. Worse, when they asked for said requested API key to NEVER EXPIRE.. *cringe*. Now prepare yourself for some, excessive cursing, half-assed assumptions, straw man arguments and misleading conclusions. Seriously... I'm terrible at blogging/writing/spelling/punctuation and kind of an idiot.
For those of you who don't know what an API key is, here is a CCP guy talking about it.
Wormhole Life Culture Part 2: API Key Requirement
In the past, API's have had there place, but with the release of citadels to keep your assets safe, along with great sites like EVE Who, EVE Hunt, EVE board, and just plain old Google. You can figure out without much effort what a person has done and if past history is a record of to come actions (9 times out of 10 it is) what a person will do in the future.
Some of the things the above mentioned sites can't do:
- EVE mail - Personal, Corp, Alliance communications to this character.
- EVE Contacts - Who your EVE Contact friends/enemies are and what standings you have for them
- Wallet and Assets - How much money you got and what you own
- Contract history - Who you sold things to and for how much.
- Transactions - Who paid you, or who you paid.
There have been multiple 3rd party API readers, but an easy one to use with just a quick API key. I googled API reader and came up with API Jackknife. I suggest you input your own API and see exactly what everyone could see before you submit your API to others or leave the thing to not expire, ever.
Why we shouldn't use them for Corp Application Intel Gathering.
Privacy
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say" --Edward Snowden
1st Its none of your business who I mail and what we talk about.
2nd The idea that a small amount of information found could be the clinch pin on taking apart a potential infiltrator is a total fallacy.
This fallacy has become a scenario that any recruiter runs through his mind each time he speaks to a potential recruit. The recruiter then builds up a case in his mind during the interview, for or ageist a potential applicant. The thing is, the information on which they make their decision may be inaccurate or incomplete. They are putting together a jigsaw puzzle without all the pieces.
If you can't see the potential harm in that, well the Trump presidency has some open positions for you.
Let me give you an example from my own API.
What you're looking at is the transaction history (about a month mind you, that's as far as this site goes back) from my main character Longinius Spear and others.
If you can't figure it out by looking at this, I gave a character Sir Lomax 2 billion ISK and bought/sold some items. This you could categorize as a "suspect" transaction. It would tell the potential recruiter that Sir Lomax is my alt. Which he is.
Now you could draw all sorts of conclusions from this transaction if you simply didn't ask, "hey, do you have any alts you want join the corp?" in which I would say. Yes. or No.
Simply asking me on voice coms will give you any level of answer that I'm willing to give you.
The issue occurs, when I don't give you the answer you're looking for.
Let say, I don't give you an API key. You would never know that I gave 2 billion ISK to Sir Lomax. What then? What potential scenario do you see occurring that you could have prevented by now knowing Sir Lomax is an alt?
Everyone without missing a beat says "infiltration from a hostile corp" and that's the final part of the argument for them. They have build the case in their minds that they can either prevent an infiltration or stem spy activity by building this case based on fractured data.
Some key things that make this a this stance apart.
1. This is only the previous month or two's transactions. Its not EVERY transaction EVER in the history of this characters. You aren't seeing the full picture, you're not even seeing a glimpse you are just seeing the past transactions the API viewer is letting you see. I can circumvent your very cleaver expected API requirement by simply waiting a month or two. In the programing world we call this garbage in, garbage out.
2. Lets say I did want to transfer money two this potential spy alt from a hostile corp. Because lets say I'm not a spy. (hard to believe) How hard would it be for me to simply put items in my cargo hold of a ship, eject that ship at a safe spot and get in that ship with my alt? You can't see this transaction from an API. Its totally untraceable by anyone other than CCP.
I can't be the only one who's thought of this, its not like I'm a master spy here, you just need to see what the API key actually looks at, then don't do those things. Its not all that hard.
The thing is, most recruiters know this, and when asked directly why even bother, I'm told.
"It weeds out the ones that don't bother with hiding it" "Its, low hanging fruit". Keeps out idiots, essentially.
The follow up response I've had is, "do you need to protect yourself from idiots?"
The fact that an API key requirement intel gathering tool is used at all boggles the mind. Its like trying to figure out if a employee is going to steal things by simply asking him, "hey are you going to steal things from us". Anyone with any sense would simply say "No". The idiots I'm assuming would simply say "Well now that you ask me, yes that was my goal for working here in the first place".
Except in the case of EVE API key requirement, you aren't even asking them, you're just looking at bank transactions between people you don't know and don't have an API key from, then making the assumption that because he didn't give you that name in the first place, the other party must be an accomplice.
Transactions might be one of the easiest things to hide, and yet there isn't a full API recruiter who doesn't look for them. They have build this idea in their head, that this small glimpse of information will protect them in the future, if they simply justify it to themselves by going over useless searches of activity.
I feel like I'm in a crazy alternate reality, where all the EVE recruiters are TSA screeners who think they are going to uncover the next big plot by asking every single person to take off their shoes.
Side note: For those who don't know, even during internal and external audits of TSA screening, they are about 10% effective? Its like everyone is going through the motions, that don't actually do anything, just for the sake of doing them, because the hind sight vision they've constructed would be totally foiled, had they asked.. "hey would you leave the box cutters at home?"
Its all for a completely false sense of security. STOP IT!! I can't keep the TSA from doing dumb shit for no reason, but for this little thing, in this little instance, I'm taking a stand, and you should too!!
Hey Spear, why don't you just play along, what damage could a FULL ACCOUNT API set to NEVER EXPIRE really do?
Here's one, a site called "EVE Skunk".
For those not familiar with the site, its powered by leaked API's to this guys website. API's gotten from god only knows what way. You go there and read alliance/corp mails from people who at one point in time gave their API keys to the site (doubtful) or gave it to a person who then created an API with full EVE mail access.
Not sure how this could happen?
Lets say I'm a recruiter, I demand everyone EVE mails me a full never expire API. I save that in my special EVE mail folder and recruit like 20 people. I then have access to 20 other emails. What happens when I (the recruiter) thinks about going to another corp, which requires full never expire API's? I submit it them... the new corp now has API's of all the people who provided API Keys and thus whatever corps they went to's internal mails.
So on and so on and so on.
It gets worse, many people use the same never expire API for each application they submit, because why make a new one if you're simply shopping around for a new corp. You could have submited an application to a rival corp, who refused you and is now getting mails from whatever corp actually accepted you.
I've already ranted about the effects of the "Location" selection on a full API, because for those who don't know already, you can simply enter ill gotten full API's into a wormhole tracking program for someone who apped to your corp, forever creating their own little wormhole chain maps. These maps keep updating every time you travel anywhere, you can then exploit those maps for god only knows what reason. They aren't even in your corp, but every time they travel through a wormhole, you'll know it! (hi wingspan)
I think the largest damage that the FULL API or Git the fuck out fallacy creates is a future lack of trust in your corp mates. It gives a person with a suspicion a very small bit of information, that can bring doubt on normally innocent interactions. This fallacy hurts human interaction, which really is at the core to why many play EVE. This can lead to drama, accusations and worse.
For those of you who would do an extensive API scrub, before allowing someone to join your corp, I hope my words/opinions have helped sway you to stop doing it. Stop requiring it because the best way to get to know someone is simply talk to them. Ask them what they are about, give them a small level of trust, but don't let their overall exposure to access be categorized as reckless. If they don't play often, kick them. If they sit in coms muted for long periods of time, why the fuck are they they in coms?! These are common sense observations anyone can do, and won't show up on an API screen.
A quick story...
A few years ago I was CEO of a very small wormhole pvp corp. We didn't require API keys to enter. We figured, we could simply sort out everything we would need to know by talking to them and reviewing kill boards. Along came an applicant with a slightly shady past, he had been in another wormhole corp that I was in personal contact with at the time. They had slight falling out and that applicants history was called into question. I said fuck it, and recruited them anyway because shady fuckers is what i wanted in the corp.
After getting to know him from simply playing with him in fleets and in coms, he's someone I would call one of my great EVE friends. This pilot later became one of the top wormhole FC's in the game and is still doing great things.
Take chances, invite crazy people, but be smart about it. Don't give even your best friends access to your items, because even after years and years of playing this game, there isn't a single person I'd trust in this game. NEVER TRUST ANYONE! better advice, don't think your ridiculous background checks would ever give you reasons to trust because people flip for weird reasons and none of those reasons can be weeded out with an API Key mandate.
Let me give you some examples i got from conversations I had with recruiters during my time looking for a corp.
Convo #1
[ 2017.01.05 01:03:54 ] Longinius Spear > Saw your reddit post for LS pvp group, still recruiting?
[ 2017.01.05 01:04:37 ] Ed Hinken > o/
[ 2017.01.05 01:05:04 ] Ed Hinken > yeah were always looking for new members
[ 2017.01.05 01:05:26 ] Longinius Spear > cool, what area do you all call home?
[ 2017.01.05 01:05:56 ] Kuts Mesumslak > o/
[ 2017.01.05 01:05:58 ] Ed Hinken > we live in l lonetrek
[ 2017.01.05 01:06:07 ] Ed Hinken > close to veil tribute and jita
[ 2017.01.05 01:06:17 ] Longinius Spear > Tama then?
[ 2017.01.05 01:07:09 ] Ed Hinken > not to far
[ 2017.01.05 01:07:37 ] Ed Hinken > jan nalvula taisy kinda home
[ 2017.01.05 01:08:02 ] Ed Hinken > its a really good area for pvp we get a lot of traffic going through to jita from null
[ 2017.01.05 01:08:26 ] Longinius Spear > ha, yea I would assume so :)
[ 2017.01.05 01:08:32 ] Ed Hinken > ;)
[ 2017.01.05 01:08:46 ] Ed Hinken > i see you been playing for a while
[ 2017.01.05 01:09:11 ] Longinius Spear > yea, lots of wormhole stuff
[ 2017.01.05 01:09:26 ] Ed Hinken > nice we done the wh thing for a god year
[ 2017.01.05 01:10:06 ] Longinius Spear > API key required?
[ 2017.01.05 01:10:12 ] Ed Hinken > yeah
[ 2017.01.05 01:10:18 ] Longinius Spear > why?
[ 2017.01.05 01:10:38 ] Ed Hinken > just to look over your contacts
[ 2017.01.05 01:10:51 ] Ed Hinken > we dont care about aything else
[ 2017.01.05 01:11:01 ] Longinius Spear > what are you looking for? persons?
[ 2017.01.05 01:12:15 ] NastaKilla > Hey
[ 2017.01.05 01:12:24 ] Longinius Spear > hi
[ 2017.01.05 01:12:27 ] Ed Hinken > NastaKilla our ceo
[ 2017.01.05 01:12:31 ] Longinius Spear > o/
[ 2017.01.05 01:12:34 ] NastaKilla > sup, Just got back
[ 2017.01.05 01:13:41 ] NastaKilla > hows it going, you looking to join our pvp corp?
[ 2017.01.05 01:14:06 ] Longinius Spear > yea, but I was wondering about API thing, really more curious why its required
[ 2017.01.05 01:14:53 ] NastaKilla > Its pretty standard in any corp you join, Allows to to figure our if your intentions are bad
[ 2017.01.05 01:15:00 ] NastaKilla > figure out*
[ 2017.01.05 01:15:09 ] Longinius Spear > O yea, hows that done exactly?
[ 2017.01.05 01:16:03 ] NastaKilla > Okay, So an "API key" is a code set for your account that gives anyone who has it the ability to look into your contacts, Wallet, Mails, Implants etc
[ 2017.01.05 01:16:22 ] NastaKilla > When creating an API key you are able to select what an observer can view
[ 2017.01.05 01:16:40 ] Longinius Spear > Yep. How does it give the viewer the information if my intentions are bad?
[ 2017.01.05 01:17:23 ] NastaKilla > I'm able to see if you make regular transactions to certain accounts, that would suggest to me that theres another account
[ 2017.01.05 01:17:28 ] NastaKilla > things like that
[ 2017.01.05 01:17:36 ] Longinius Spear > and if there was?
[ 2017.01.05 01:17:50 ] NastaKilla > If you tell me you have another account its cool
[ 2017.01.05 01:17:58 ] Longinius Spear > right, then why the api?
[ 2017.01.05 01:18:25 ] NastaKilla > API allows me to see facts, then when i ask a question if a person lies to me I already know about it
[ 2017.01.05 01:18:54 ] Longinius Spear > so you ask questions you already know the answer to, in the idea that they would lie?
[ 2017.01.05 01:19:04 ] Longinius Spear > So its a screening for liars?
[ 2017.01.05 01:19:26 ] NastaKilla > Yes, Its one aspect of judging character
[ 2017.01.05 01:23:10 ] Longinius Spear > Thank you for answering my questions
Convo #2
[ 2017.01.12 22:06:48 ] Kypischovic Malifozik > o7 mate
[ 2017.01.12 22:07:01 ] Kypischovic Malifozik > How are you?
[ 2017.01.12 22:07:20 ] Longinius Spear > Good, you?
[ 2017.01.12 22:07:45 ] Longinius Spear > So lets say I ap up and you ask me for an API, and I say No. What happens?
[ 2017.01.12 22:09:10 ] Kypischovic Malifozik > It basically comes down to, how big does -my- ego get I suppose
[ 2017.01.12 22:09:22 ] Kypischovic Malifozik > I could say screw it, you're in
[ 2017.01.12 22:09:42 ] Kypischovic Malifozik > What kind of music do you like?
[ 2017.01.12 22:10:10 ] Longinius Spear > Depends on what i'm doing
[ 2017.01.12 22:10:22 ] Longinius Spear > but back to API requirement even after you know fully well who and what I"m about
[ 2017.01.12 22:10:38 ] Kypischovic Malifozik > Right
[ 2017.01.12 22:10:48 ] Longinius Spear > thats really why I want to talk to you, I'm desperate for a logical conversation on the topic
[ 2017.01.12 22:10:56 ] Longinius Spear > because as of late, i've yet to have one
[ 2017.01.12 22:11:20 ] Longinius Spear > Most people say... "well If you have an email saying you're going to do something bad" I'll see it
[ 2017.01.12 22:11:25 ] Kypischovic Malifozik > Well, pond is always full of other fish, so you'd always find a corp that wouldn't require one
[ 2017.01.12 22:11:40 ] Longinius Spear > ....
[ 2017.01.12 22:11:45 ] Longinius Spear > I want to know WHY
[ 2017.01.12 22:11:47 ] Kypischovic Malifozik > Yea, but that's where the intelligence gathering stops for most people
[ 2017.01.12 22:12:14 ] Longinius Spear > I could assume, but every scenario in my head comes out with very outlandish things
[ 2017.01.12 22:12:36 ] Kypischovic Malifozik > For a player like you, there isn't much an API could tell me
[ 2017.01.12 22:12:45 ] Longinius Spear > The truth really is, most people know to ask for it, but they don't really know what to look for
[ 2017.01.12 22:12:48 ] Kypischovic Malifozik > (Hence, I'd learn towards waiving that requirement for you)
[ 2017.01.12 22:13:01 ] Longinius Spear > they heard somewhere sometime that it was good to require it, still haven't a clue why ..
[ 2017.01.12 22:13:06 ] Kypischovic Malifozik > As I said, most people's intelligence gathering stops at looking at a message
[ 2017.01.12 22:13:45 ] Longinius Spear > So you're saying, you don't require it... ? I'm confused...
[ 2017.01.12 22:13:59 ] Kypischovic Malifozik > Ok, let me explain;
[ 2017.01.12 22:14:26 ] Kypischovic Malifozik > As you said, most people don't know what to look for, which makes API keys useless for them
[ 2017.01.12 22:14:28 ] Longinius Spear > What would you see in it that you simply couldn't see looking at a kill board or corp history. what scenario do you see occuring because you didn't weed them out with an API key
[ 2017.01.12 22:14:48 ] Kypischovic Malifozik > I can detect if players biomassed characters on a full account API
[ 2017.01.12 22:14:52 ] Longinius Spear > What scenario do you see happening.. from this point forward.. stop doing it. what would happen.
[ 2017.01.12 22:15:13 ] Longinius Spear > Detect biomassed characters. please explain that
[ 2017.01.12 22:15:48 ] Kypischovic Malifozik > An API key gives you total playtime on the account
[ 2017.01.12 22:16:15 ] Longinius Spear > O i know what it does.. one of the many reasons why i stopped giving it out
[ 2017.01.12 22:16:45 ] Longinius Spear > I want to know what you would find if you looked at it and what you would prevent from happeing if you had one
[ 2017.01.12 22:16:46 ] Kypischovic Malifozik > So, I look at your total skill points, I look at your playtime, and it can give me a rough
[ 2017.01.12 22:17:00 ] Longinius Spear > Right, both of those can be found on EVE character sheets
[ 2017.01.12 22:17:10 ] Longinius Spear > so cross those off
[ 2017.01.12 22:17:25 ] Longinius Spear > Next
[ 2017.01.12 22:17:43 ] Kypischovic Malifozik > Eve-board tell your total play time, account wide?
[ 2017.01.12 22:17:50 ] Longinius Spear > For that character
[ 2017.01.12 22:18:07 ] Kypischovic Malifozik > But that's not what I want to know
[ 2017.01.12 22:18:16 ] Kypischovic Malifozik > Hold on; let me show
[ 2017.01.12 22:19:13 ] Longinius Spear > What you 'want to know" and what I'm willing to tell you or show you are two totally different things. The name of the difference between those things is called privacy.
[ 2017.01.12 22:19:35 ] Kypischovic Malifozik > Right
[ 2017.01.12 22:19:55 ] Longinius Spear > So you're saying that if someone joined you, they would be required to no privacy based on your determining factors
[ 2017.01.12 22:20:28 ] Longinius Spear > do you think thats a 50/50 fair way of addressing other players?
[ 2017.01.12 22:21:00 ] Kypischovic Malifozik > In that sense, no.
[ 2017.01.12 22:21:07 ] Longinius Spear > Clearly you have a reason for this, in your head there is some scenario that could be uncovered by you finding out total account play time.
[ 2017.01.12 22:21:24 ] Longinius Spear > I'm asking you.. whats that scenaio?
[ 2017.01.12 22:21:43 ] Kypischovic Malifozik > Right, lets exclude your character, lets exclude my character for a bit
[ 2017.01.12 22:22:22 ] Longinius Spear > whats your nightmare scenario that would be overted had you known my total account play time?
[ 2017.01.12 22:22:58 ] Kypischovic Malifozik > If Random Joe would come to me, in a one month old character, with perfect knowledge on how to fit ships
[ 2017.01.12 22:23:09 ] Longinius Spear > k
[ 2017.01.12 22:23:24 ] Kypischovic Malifozik > He'd say he's in game for a single month
[ 2017.01.12 22:23:38 ] Kypischovic Malifozik > But then I'd see this;
[ 2017.01.12 22:23:43 ] Kypischovic Malifozik > http://puu.sh/tkdXv/1360840231.png
[ 2017.01.12 22:24:13 ] Longinius Spear > what am I looking at. a month and 24 days?
[ 2017.01.12 22:24:23 ] Kypischovic Malifozik > Aye.
[ 2017.01.12 22:24:28 ] Longinius Spear > so what
[ 2017.01.12 22:24:39 ] Kypischovic Malifozik > Random Joe said he's been in game for just a month
[ 2017.01.12 22:24:44 ] Kypischovic Malifozik > One character on his APi
[ 2017.01.12 22:24:50 ] Kypischovic Malifozik > But has a total playtime of two months
[ 2017.01.12 22:25:12 ] Longinius Spear > and that means what? what devlish thing could he do with the extra 24 days of play time?
[ 2017.01.12 22:25:13 ] Kypischovic Malifozik > Random Joe is lying
[ 2017.01.12 22:25:15 ] Longinius Spear > So what
[ 2017.01.12 22:25:31 ] Longinius Spear > how does this effect you?
[ 2017.01.12 22:25:44 ] Kypischovic Malifozik > Why would he lie about his total play time ?
[ 2017.01.12 22:25:56 ] Longinius Spear > why should you care?
[ 2017.01.12 22:26:06 ] Kypischovic Malifozik > I'll show you again
[ 2017.01.12 22:26:18 ] Kypischovic Malifozik > (Gimme a minute to find this one)
[ 2017.01.12 22:26:28 ] Longinius Spear > no.. lets just stay on this one for a minute
[ 2017.01.12 22:26:46 ] Longinius Spear > why do you give two poops why he lied about his play time?
[ 2017.01.12 22:26:50 ] Longinius Spear > why does that matter?
[ 2017.01.12 22:27:13 ] Longinius Spear > My names Frank in real life
[ 2017.01.12 22:27:23 ] Longinius Spear > wait a second.. its Steve..
[ 2017.01.12 22:27:30 ] Longinius Spear > You find out.. its actually Tom
[ 2017.01.12 22:27:33 ] Kypischovic Malifozik > Two months ago we had a character who lied about his total play time
[ 2017.01.12 22:27:40 ] Kypischovic Malifozik > 4 months actually
[ 2017.01.12 22:27:59 ] Longinius Spear > well, you got him.. and did he shoot spaceships differently
[ 2017.01.12 22:28:00 ] Longinius Spear > ?
[ 2017.01.12 22:28:22 ] Kypischovic Malifozik > Two weeks later his main was shooting our citadel
[ 2017.01.12 22:28:50 ] Longinius Spear > Do you think his main would be shooting your citadel anyway?
[ 2017.01.12 22:29:29 ] Longinius Spear > Did your citadel shoot back?
[ 2017.01.12 22:29:35 ] Kypischovic Malifozik > Citadel shot back
[ 2017.01.12 22:29:39 ] Kypischovic Malifozik > Not to much effect
[ 2017.01.12 22:29:44 ] Longinius Spear > win win i guess?
[ 2017.01.12 22:29:59 ] Kypischovic Malifozik > Win for them, our alliance boss ended up paying them off
[ 2017.01.12 22:30:24 ] Kypischovic Malifozik > Not the proudest day in my short eve career
[ 2017.01.12 22:30:36 ] Longinius Spear > I think I'm piecing this together a little
[ 2017.01.12 22:31:27 ] Longinius Spear > you think having continued access to the mails, comings and goings of characters beyond simply asking them as human beings.. you can overt/subvert threats both current and future?
[ 2017.01.12 22:31:27 ] Kypischovic Malifozik > My stance of APIs is a bit complicated, personally I'm not fully black/white, you have to give an API
[ 2017.01.12 22:31:52 ] Kypischovic Malifozik > I personally don't care for the continued access
[ 2017.01.12 22:32:03 ] Kypischovic Malifozik > Any good spy would be smart enough not to use mails on his spy alt
[ 2017.01.12 22:32:05 ] Longinius Spear > i get that, but others have that requirement
[ 2017.01.12 22:32:09 ] Longinius Spear > no shit
[ 2017.01.12 22:32:11 ] Longinius Spear > lol
[ 2017.01.12 22:32:23 ] Kypischovic Malifozik > Hence, 90% of people who check APi's dont know what to look for
[ 2017.01.12 22:32:57 ] Longinius Spear > Well, the other 10 don't seem to know what the final outcome could possibly be if they simply didn't ask for them in the first place
[ 2017.01.12 22:33:05 ] Longinius Spear > they seem to be a tool for paranoia
[ 2017.01.12 22:33:24 ] Longinius Spear > the thing about surveillance is.. it doesn't give you the full picture
[ 2017.01.12 22:33:44 ] Longinius Spear > the scenario you played out was only possible if you ASKED them a question and figured out they where 'lying'.
[ 2017.01.12 22:34:16 ] Longinius Spear > the thing is, getting a spie caught in a lie isn't check mate for most of them. it doesn't stop them from doing what they are doing
[ 2017.01.12 22:35:02 ] Kypischovic Malifozik > Oh, that's for sure, and there's no 100% foolproof way to stop them
[ 2017.01.12 22:35:10 ] Longinius Spear > so why try?
[ 2017.01.12 22:35:45 ] Kypischovic Malifozik > At least try to mitigate the risk to some extent
[ 2017.01.12 22:35:59 ] Kypischovic Malifozik > (And you hate that sentence)
[ 2017.01.12 22:36:09 ] Longinius Spear > ahh.. risk... you haven't shown me at all in the above situation there was real risk in the first place
[ 2017.01.12 22:36:44 ] Kypischovic Malifozik > ((I do hope this is actually a fun conversation for you , and me not just getting you fed up btw))
[ 2017.01.12 22:37:16 ] Longinius Spear > You're helping me formulate a better blog post and for that I thank you
[ 2017.01.12 22:37:37 ] Kypischovic Malifozik > Now I very much wonder if I'm gonna be on the bad side of things
[ 2017.01.12 22:38:13 ] Kypischovic Malifozik > Personally for me though; as I said, API's arent a catch all, hence I don't agree with the black/white yes/no regulation the alliance has
[ 2017.01.12 22:38:40 ] Longinius Spear > The damage of loose API's in Wspace along with how EVE skunk far out weighs any reasons for their continued requirement as a intell gathering tool.
[ 2017.01.12 22:38:55 ] Longinius Spear > Do you know what I can do with your full API?
[ 2017.01.12 22:39:03 ] Kypischovic Malifozik > Do share
[ 2017.01.12 22:39:30 ] Longinius Spear > I can enter it into a wormhole mapping software program and essentially map your commings and goings into wspace and the ships your in
[ 2017.01.12 22:39:38 ] Kypischovic Malifozik > Hah
[ 2017.01.12 22:39:45 ] Kypischovic Malifozik > I was listening to that podcast today
[ 2017.01.12 22:41:08 ] Longinius Spear > yea, shits real boss man. I don't give it out anymore. and to those peeps who think I should give them a full one so they can review it when ever they want to seek out spie activitiy.. NOPE
[ 2017.01.12 22:41:24 ] Longinius Spear > Not only that buts an invasion of privacy
[ 2017.01.12 22:41:45 ] Longinius Spear > If you think privacy is unimportant for you because you have nothing to hide, you might as well say free speech is unimportant for you because you have nothing useful to say.
[ 2017.01.12 22:43:22 ] Longinius Spear > whats worse is, all it takes is someone liek yourself to send a full API of your own to some one else.. who is also exposed.. for a 3rd or even 4th party to have access to all our mails and API's sent via EVE mails
[ 2017.01.12 22:44:12 ] Longinius Spear > You could have apped to one of these alliances.. or persons who had a full api out there.. then they simply review our mails forever. our own comings and goings in wspace
[ 2017.01.12 22:44:33 ] Longinius Spear > Do you see the danger of having them and willy nilly sharing them ?
[ 2017.01.12 22:44:49 ] Kypischovic Malifozik > Yes I do
[ 2017.01.12 22:45:12 ] Longinius Spear > The interesting thing is, you'll still keep asking for it, even after today
[ 2017.01.12 22:45:36 ] Longinius Spear > because of 'reasons' that have yet to be fleshed out.. to catch liars?
[ 2017.01.12 22:45:59 ] Kypischovic Malifozik > But, I think you're also simplyfying it a tad
[ 2017.01.12 22:46:11 ] Longinius Spear > perhaps, but its how my mind works..
[ 2017.01.12 22:46:24 ] Longinius Spear > i chop threw bull shit and get to the point that i want
[ 2017.01.12 22:46:25 ] Longinius Spear > :)
[ 2017.01.12 22:46:43 ] Kypischovic Malifozik > For example; I wouldn't even need a full always accessible API
[ 2017.01.12 22:46:47 ] Kypischovic Malifozik > I wouldn't even want that
[ 2017.01.12 22:47:07 ] Longinius Spear > you shouldn't want ANY of your characters in your corp to have them around at all
[ 2017.01.12 22:47:29 ] Longinius Spear > the fact that there is a button that lets your API NEVER expire.. is the entire reason EVE skunk is a website
[ 2017.01.12 22:47:38 ] Kypischovic Malifozik > ^
[ 2017.01.12 22:47:47 ] Kypischovic Malifozik > Delete the damn thing when you're done using it
[ 2017.01.12 22:48:12 ] Longinius Spear > yep, and never ask for it unless you can visualize a scenario where having it would matter
[ 2017.01.12 22:48:59 ] Longinius Spear > because small amounts of unexplained behavior both good or bad.. can bring doubt in a person who is totally innocent
[ 2017.01.12 22:49:01 ] Kypischovic Malifozik > Unfortunately, not being top dog I don't always get to make every decision
[ 2017.01.12 22:49:13 ] Longinius Spear > you should be top dog
[ 2017.01.12 22:49:41 ] Kypischovic Malifozik > :)
[ 2017.01.12 22:49:46 ] Longinius Spear > I was told early on in my EVE carreer.. "Players don't need corps, its the other way around"
[ 2017.01.12 22:50:25 ] Longinius Spear > Going to say good day to you, thank you for the chat, I'll do my best to not villify you in my post :)
[ 2017.01.12 22:50:38 ] Kypischovic Malifozik > Before you do os
[ 2017.01.12 22:50:41 ] Kypischovic Malifozik > so*
[ 2017.01.12 22:51:26 ] Longinius Spear > ?
[ 2017.01.12 22:51:30 ] Kypischovic Malifozik > You already have a new home, don't you?
[ 2017.01.12 22:51:35 ] Longinius Spear > yep
[ 2017.01.12 22:51:48 ] Kypischovic Malifozik > Well, shit.
[ 2017.01.12 22:51:49 ] Longinius Spear > figured that out without an API didn't ya
[ 2017.01.12 22:52:16 ] Kypischovic Malifozik > Lots of things can be found out without an API key
[ 2017.01.12 22:52:20 ] Longinius Spear > it was a joke
[ 2017.01.12 22:52:24 ] Longinius Spear > :P
[ 2017.01.12 22:52:25 ] Kypischovic Malifozik > I know :P
[ 2017.01.12 22:52:30 ] Longinius Spear > thank you again for the offer and good luck
[ 2017.01.12 22:52:40 ] Kypischovic Malifozik > API keys in that sense are something terrible
[ 2017.01.12 22:52:41 ] Longinius Spear > may we shoot spaceship guns at each other one day
[ 2017.01.12 22:52:57 ] Kypischovic Malifozik > I'd hope we'd shoot them together at someone :)
[ 2017.01.12 22:53:02 ] Longinius Spear > o7
[ 2017.01.12 22:53:05 ] Kypischovic Malifozik > o7
Yes API keys don't give out useful information if your goal is to prevent theft, spies or corp gankers.
ReplyDeletePeople will create accounts for that purpose, scrub their mailbox, maybe even start out with good intentions and then change their mind about stealing or not.
Killboard information, forums, corp history are all much more useful.
Any information I am willing to share is already publicly viewable on eveboard.
Yeah, I more or less assume a corp that requires API keys doesn't actually know what they're doing when it comes to security.
ReplyDeleteGood read, I've never been a fan of APIs. I would refuse to give them out myself if I were ever to move to a different wormhole corp. I've been lucky enough not be asked for mine at this point though being in the same corp since I joined with friends from another game. I know that the majority of the player base doesn't have that sort of luck though and it's just sad. We did check APIs up until citadel dropped though. Once we anchored our first we dropped the API requirement entirely. FUCK APIS!
ReplyDeleteTylus Lemmont
Smart guys. This is really good stuff, and I hope more corps realize that API requirements post-Citadels are very useless. You can already see my corp history and my killboard, what more do you need?
ReplyDeleteThanks for writing about this topic. It's always bothered me as well. Your eve mail might have real life passwords or other personal information in them. The corp might make a copy of this data intentionally or by accident. Their copy of your data might end up in a hacker's trove after they've owned the corporation's IT servers. It's just not safe. Also, I don't think it matters if the API has no expiry or not since a full copy can be copied while the key is active. Welcome back to the game!
ReplyDelete