Saving Pages to the Database
-
There's been an interesting discussion among the AresMUSH community about whether to store pages to the database, in the same way as mail messages and channel chat (if channel recall is enabled).
This is not a unique idea. It's the basis for how private messages work on virtually every forum and chat system out there. Historically, though, a lot of MU folks have had a knee-jerk reaction about this feature. I'm wondering if that's still true.
The main thing driving this on Ares is folks wanting to be able to page via the web portal, but there are other non-web advantages: a page/recall feature, being able to report harassing pages, and so on.
The main argument I've heard against it is privacy, and I would hate for this to be some deal-breaker that makes people shy away from Ares games. (Initial push-back is why I haven't already implemented it.) But let's be honest - no text you send to someone else's server is ever truly private. If a nefarious staff member with wizard privileges wants your pages, they can already get them (on any MU server).
Feel free to chime in with your opinions here (please remember this is the constructive area), and take my survey if you like.
https://www.surveymonkey.com/r/75NNHKT
Even if you don't already play on Ares games, you might find one someday and your opinion still counts.
-
pLZ. It's like the one major core element missing from the web portal.
-
I'd be happy to see it.
-
I am 300% in favor of adding pages to the web portal.
Every game ever allows admin to look at pages, if they want to, as you said.
-
My vote was to make it so that games can enable it on their own basis, like most any other feature. Which I imagine you'd do anyway.
I know some people wouldn't be a fan, but I think enough are that it's a good idea. I'd love to be able to page someone who is "offline" and have it waiting for them. @goodstarbuck and I talk back and forth a bit during our work days, for example, and it's sometimes bouncing between phone mu and web client and man, I'd love if I paged him while offline and instead of just being told he's not online I got a message like: 'Sol is not currently online, but your message has been stored in their inbox for when they next connect.'
So it could be viewed on game or the portal.
-
I would LOVE this, though I think making it an option a game-runner can enable/disable as they please would also be fine. Pages/PMs feel like the one remaining thing I need to log on via my MU client to do, everything else is more or less possible through the webportal atm.
-
@Three-Eyed-Crow said in Saving Pages to the Database:
Pages/PMs feel like the one thing I need to log on to do, everything else is more or less possible through the webportal atm.
This is actually why I'm not inclined to make it game-configurable unless the community is overwhelmingly in favor of it. I mean obviously a game can do whatever they want with the code, but I don't need to make an easy 'off' switch if most players view it as core game functionality
-
My initial hang-up was (and still is) that I'm paranoid and don't necessarily trust game owners. Chalk it up to the olden days of DARK Wizards and admin that read game logs to see if people were talking shit about the game.
However.
I realize now that this isn't a thing that should prohibit the march of technology. Yes, you probably should be able to page/PM from the portal. If I don't trust an admin enough that I worry they might be willing to read my page conversations? I definitely shouldn't be playing on their game.
-
@faraday Encrypt pages with public keys possessed by all parties who want this feature enabled.
Then if any one of them wants to release their contents they can, if not staff can't look at them anyway.
- He who takes offense when not intended is a fool. He who takes offense when intended is a greater fool.
-
@Arkandel Thanks for the suggestion, but I'm not going to do that. That's not how PMs work in any other system (Discord, Slack, even this forum right here). If MUers value their privacy that much, they can do without the feature. These are chat messages, not state secrets.
-
As with most "saving to database" things, I'd be more comfortable if I knew for how long such information would be saved. But that's likely a game policy problem and not a codebase one.
-
@faraday said in Saving Pages to the Database:
If MUers value their privacy that much, they can do without the feature. These are chat messages, not state secrets.
Then that's the question you are asking - 'how much do players value their privacy?' - rather than how to best safeguard it since otherwise staff will always have access to full records of pages.
I'd say in that case it's a net positive. Sure, malevolent staff will go through people's transcripts and read their private communication, but that's just one way these things can happen. On the other hand it could be helpful in handling disputes or prying into harassment, etc.
- He who takes offense when not intended is a fool. He who takes offense when intended is a greater fool.
-
I'm not sure I'd ever want to look at user pages.
Other people's TS is a lot like other people's vacation vids. Theoretically you know it exists, but nobody else wants to see that stuff.
-
@Bad-at-Lurking said in Saving Pages to the Database:
I'm not sure I'd ever want to look at user pages.
There's some fairly good reasons for it.
He/Him
-
@Bad-at-Lurking said in Saving Pages to the Database:
I'm not sure I'd ever want to look at user pages.
Other people's TS is a lot like other people's vacation vids. Theoretically you know it exists, but nobody else wants to see that stuff.
I do.
If popcorn is provided.
-
Eh, you can always find a perfectly good reason to anything. But the trick is know that you COULD go skinny dipping in the swimming pool reactor of a nuclear power plant, but deciding that you like your life better without doing so.
-
@Bad-at-Lurking said in Saving Pages to the Database:
but deciding that you like your life better
Hah. No.
-
@Arkandel said in Saving Pages to the Database:
rather than how to best safeguard it since otherwise staff will always have access to full records of pages.
Staff can already have full records of pages if they want to, on every MU server ever built. Whether that's enabling full command logging, or setting people SUSPECT, or whatever.
There is no real privacy on a MUSH, from a technological perspective. It is entirely reliant on the ethics of the staff involved to not go digging into things they have no business digging into.
So I'm not really interested in adding a complex encryption scheme to perpetuate the illusion of privacy (because even with encrypted storage, the game itself needs to be able to decrypt the pages somehow to display them, and that means the capability exists for code-staff to decrypt them too).
What I'm really asking is whether the illusion of private pages is important enough to players that they would not want to play on a game that was explicit about the fact that they're saved to the database.
-
I'd be all for it. Anything nasty I have to say about a game I say to people via some other messenger service anyway.
-
@Arkandel said in Saving Pages to the Database:
@faraday Encrypt pages with public keys possessed by all parties who want this feature enabled.
Then if any one of them wants to release their contents they can, if not staff can't look at them anyway.
Either you have to store the pages unencrypted in the database for page/recall or the web integration to work (in which case there's no place for encryption in the flow, because the pages are stored decrypted, the thing you wanted to avoid), or you need the user to provide their private key every time they receive a page or use page/recall (impractical and annoying), or you need to have them upload the private key to the game to be used on their behalf to decrypt pages without providing it every time (in which case the key is in the database and the entire thing is pointless because if your worry is "staff might read my stuff", they can still do so as they have your private key on file).
Sure, there are some hacky ways you could try to make it work (writing a custom client for those who want to use telnet, or having the decryption done in JavaScript using a key stored in local storage, and saying pages can only be used from the web portal), but none seem appreciably better.
Unless I misunderstand the Ares design—which is possible, I've only poked at it in small bits thus far—and the database does not play any role in passing information between the telnet side and the Rails web side, this just doesn't seem a practical place to use public key encryption.
a.k.a. Packetdancer (or "Pax" for short)
