|
Author |
Thread Statistics | Show CCP posts - 15 post(s) |
Luckytania
Bullets of Justice Damned Nation
21
|
Posted - 2011.10.18 02:45:00 -
[1] - Quote
Addergebroed wrote:CCP Redundancy wrote:Weaselior wrote:Solo Drakban makes a good point - is mandatory reporting being patched out before release, or in winter expansion 1.1 In the short term, if you're worried about this feature then the best workaround would be to block your computer from accessing http://crashes.eveonline.comThis won't cause any issues with Eve, but it will mean that we won't be able to see and fix your crashes. Why on earth would you not want to help CCP to fix crashes? Companies have lied before about what data is being collected in these types of "it is all benign data, trust us" transmissions. Either for nefarious reasons or, more often, due to mistakes.
*After* I verify the contents of these data dumps I'll be happy to allow their submission.
Trust, but verify. <-- If it is good enough for nuclear weapon treaties it is good enough for personally identifiable information (PII) protection.
I'll unblock it at the DNS server for this house after I see what is being gathered and transmitted. Until then: $ nslookup crashes.eveonline.com Server:10.11.1.3 Address:10.11.1.3#53
** server can't find crashes.eveonline.com: NXDOMAIN |
Luckytania
Bullets of Justice Damned Nation
21
|
Posted - 2011.10.18 02:58:00 -
[2] - Quote
Luckytania wrote:CCP Redundancy wrote:In the short term, if you're worried about this feature then the best workaround would be to block your computer from accessing http://crashes.eveonline.com Companies have lied before about what data is being collected in these types of "it is all benign data, trust us" transmissions. Either for nefarious reasons or, more often, due to mistakes. *After* I verify the contents of these data dumps I'll be happy to allow their submission. Trust, but verify. <-- If it is good enough for nuclear weapon treaties it is good enough for personally identifiable information (PII) protection. I'll unblock it at the DNS server for this house after I see what is being gathered and transmitted. Until then: $ nslookup crashes.eveonline.com Server:10.11.1.3 Address:10.11.1.3#53 ** server can't find crashes.eveonline.com: NXDOMAIN On another note, I applaud CCP Redundancy / CCP for creating this tool. And especially Redundancy for quickly responding with useful information.
However, CCP just still has a ways to go about communicating with their user base. (And it is a user base of a commercial product.)
I've seen and used lots of these types things over the years. The following would have been a far more professional and respectful way to announce and implement:
1) Announce well ahead of the implementation date for changes to an existing product. (In EULA is fine for new products. Is there already text in the Eve Online EULA about pulling non-game data from a user's machine?)
2) Explicitly identify the data types being collected and transmitted during the dump. Ideally, present the actual data collected for user approval prior to each transmission.
3) Ideally make it opt-in to begin with. Or, make it clear where the disable option is set when the announcement of deployment is made. |
Luckytania
Bullets of Justice Damned Nation
21
|
Posted - 2011.10.18 03:06:00 -
[3] - Quote
Sirane Elrek wrote:Dalmont Delantee wrote:The old adage of if you have nothing to hide with the eve client why worry. I want to quash this argument right at the beginning. Everybody has something to hide. Maybe not in the EVE client, but that's why people want to check what data is actually being transmitted. It's not your business to know whether I have a **** site open in my browser, or if I'm watching a live stream of Bill O'Reilly. Or even accessing John Birch Society or Communist Party of America information sources. (Pick your poison.)
Ultimately, unlimited data always gets abused. And not necessarily at the first point of contact / collection. |
Luckytania
Bullets of Justice Damned Nation
21
|
Posted - 2011.10.18 03:24:00 -
[4] - Quote
CCP Sreegs wrote:Solo Drakban wrote:
Actually, no, that's not what has us 'all jittery'. I'm fine with CCP getting a list of all my running applications (as I have said before), injected into EVE or not, so long as they are up-front about it (hell, Sreegs is welcome to show up at my place unannounced, crash on my couch and go through my computer himself looking for bots) so I can make the decision as to what applications to run at the same time as EVE. I also want the chance to review what they are sending as they currently have some ground to cover to regain my full trust in their statements.
It's all about informed consent balancing against the need for privacy.
We are not currently doing anything to enumerate any applications. All that we're retrieving is crash dumps from the EVE Online client which are limited to our own process space.I can't make up my mind where on the creep-o-meter showing up at someone's house to rifle through their computer should be placed. It's somewhere below trying on their clothes and above peeking in their medicine cabinet. [emphasis added to Sreegs post] My posts above were made before reading the entire thread. One should always read the entire thread before posting. How many of us always do so.
Regardless, some of what I said is still relevant. Basically the issues of "at-will" on day one, the user's ability to verify that data collection is not going beyond stated parameters and some refinements of communication. |
Luckytania
Bullets of Justice Damned Nation
21
|
Posted - 2011.10.18 19:30:00 -
[5] - Quote
Cassina Lemour wrote:
... wonders why are you so paranoid about, unless you are doing something you're not supposed to like code-injection.
CCP Sreegs is not the only one here (Eve Online) who is a security professional.
Some of us are conditioned to be paranoid by decades of training. |
|
|
|