Privacy and Targeting

I'm a fan of "whatever can be open, it should be open" but I have two concerns about the data included in this API.

The first one is for characters.  The amount of coin one has is available through this API.  I don't mind it personally, but others I spoke with about it have found it to be slighty disconcerting.  The biggest reason was that they fear it makes them a target for account thief activity.  Of course, the GMs seem to have all the coin from what I've seen thus far!  

The second is the guild MOTD.  While no one shoudl be putting their bank account numbers there, there are often things like ventrilo passwords, web site passwords, etc. which are included in guild MOTDs.  I don't know if the MOTD was available previously or not through eq2players. I do think exposing it, if it is a newly exposed item, may surprise people who thought you had to be in the guild to see this information.

 

I think privacy management is something on their agenda for the future.  My guess is, maybe once the new EQ2Players launches, as it could provide them with an interface for users to control their privacy in a fairly granular way if they wanted to.

For now, there's only one global option in-game to prevent publishing their characters.  There is no solution however for now regarding the Guild MOTD issue (which they are aware of).

For now I guess it's up to us developpers to be sensible as to what we expose, and hope that "the bad guys" (griefers, hackers, etc...) don't learn too quickly about such issues.  Personally I didn't think long before deciding to not expose the owned money in RosterMaster - I can see no good coming out from publishing that information.

 

Security by obscurity is not security.

I have no doubt that the "bad guys" have just as much smarts as we do, and can perform simple searches of the database to isolate targets just as well as we can.

I also have no intention of showing the money directly, but I do find it interesting that the GMs are all the wealthy ones!

 

No doubt.  As I said, SOE are aware of this, and this is something on their agenda.

 

Yes...this is being worked on.  Because there are some things that aren't completely locked down yet, I would ask that you be respectful and careful about what you gleen from the feeds.

If this becomes a problem, we would have to shut down the service until we get everything locked down.

-dan

 

No worry there, I won't do anything that I think will compromise my ability to get at all the useful info you're providing.  I brought it up mostly due to my concern that it was there, not that I was going to expose it

 

Dan, if that's the concern, you may wish to move this thread out of the public forum into the private developer forum

 

I'm okay with this remaining in this forum.  We are not going to be able to mitigate bad behavior with secrecy.  I believe in transparency.

-dan

 

The guild MOTD should now be removed from the data feed.

-dan

 

Good news.  Thanks Dan.