Privacy in gaming
-
@faraday Hrm.
Do most MU-providers run on HTTPS and have certs? I wonder if their CA cert would allow the games on their servers to fall under the umbrella of that cert.
Granted, then if the MU provider slacked in upkeep of their cert then MU users would have to fall back on telnet.
Still wouldn't protect from on-game snooping, though.
-
A MU* isn't a messenging service.
If the admins want to see what's going on in the 'world' they adjucate, I don't care either way.
-
@Ghost Ain't anything that will protect from admins abusing the commands they have available to snoop on players. Only cure for that is indeed, as someone said, leaving a table where the game isn't fair.
-
I mean if I caught a staffer spying on players on a game I was headstaff on, they would be shown the door. Just because someone CAN does not mean they should, and if they do they shouldn't be running a game.
Yes you should be prepared and careful about your DATA and MU's are def not the most secure things by a large margin but these arguments are super weird.
No, your game won't improve if you go traipsing around invisible spying on peoples private RP, Sure staffers have that power, but that doesn't mean they fucking should, now should players 'just accept it' Fuck that. This is about ethics of MUing not the ability to do whatever they want so you shouldnt have any expectation of privacy, You absolutely should, and these arguments about 'oh you are naive if you think you are private' sounds a lot like defending bad actors.
-
@Wretched said in Privacy in gaming:
This is about ethics of MUing
No, it's not. That is kind of the point here.
The ethics of MU can be whatever, but the reality of MU is what's been said so far. The ethical arguments are all well and good, but they're ultimately toothless and armchair philosophy, whereas the reality of MU is important to keep in mind.
This isn't defending bad actors. This is reminding people that there are bad actors, and there is absolutely no real system of accountability, so the only people that can actually protect you from having your privacy invaded is you.
-
@Derp It's certainly important to separate the two. One is the discussion of how we can make the game safer in terms of data and storage, the other is about how to encourage players and admins to not be assholes. They're both very important discussions, but they are not interchangeable at all.
-
@Wretched Well, the tech stuff I was talking about was just a reminder that technically staff snooping isn't the only privacy concern.
Much to my dislike, I think Corporate HR provides a mindset that might make a fair policy on how and when staff monitor people's MU time. I imagine it could be something like:
- If staff receives a complaint that they feel requires investigation via observation (corporatese for spying), then staff will log that they are doing so in transparency with other staff for no less than X hours/days. All non-pertinent information logged will be destroyed afterwards, and will not be shared by any players non-essential to reviewing the complaint.
Or, for short:
- Staff cant arbitrarily snoop without all staff knowing
- Staff cant snoop indefinitely
- Staff cant share what they find with MSB
- Any PII or stuff not related to the problem isn't saved to a hard drive
-
@Ghost I'd feel pretty safe with that set of rules, and a set of instructions on where to complain if they got broken, indeed.
-
@Auspice said in Privacy in gaming:
You are literally sending data over an unprotected means of communication.
If I leave my house unlocked, you are still trespassing if you enter it uninvited.
The technicalities of this are only part of the equation; the other part is expectation.
Honestly, the argument on whether or not players should expect some privacy has made me sick. The answer is not “you are on an unprotected server therefore you should expect none”, the answer is, “I have no interest in the work involved in protecting you from privacy violations, so expect that there are none.”
There’s a reason we don’t allow cameras in bathrooms in ... well, not in Ohio, and I’m hoping that’s everywhere else. Technically there’s nothing stopping people. Hell, the wall between urinals is barely enough to keep someone from staring.
We punish people who do things that are technically possible all the time. The idea that “it’s possible therefore it’s allowed” is what makes me angry.
There are many other reasons to not expect privacy on a Mu*, but “because we can” isn’t one of them.
-
@Thenomain said in Privacy in gaming:
The idea that “it’s possible therefore it’s allowed” is what makes me angry.
I'm not reading this (thus far at least) as saying 'it's possible, therefore it's allowed'.
I'm seeing a lot more 'it's possible, therefore you must be aware that it may occur, whether it's allowed/advertised/disclaimed or not'.
-
That’s fair, and I give myself an out in that last sentence. Because there are many reasons not to expect privacy, but that doesn’t mean that we can’t try, or demand, or work toward it.
“Oh well!” is a terrible attitude.
-
There is only so much you can do about privacy/safety if you want to actually get out and do and participate in things.
Being aware of that is great. Imply that people who do not have everything in lockdown and most secure mode are stupid is... I guess kind of what a recluse would say as an excuse as to why they do not participate in anything beyond their own home?
I do think it's good that people understand that it is possible for things to be logged/shared even remotely if that is what the game runner chooses to do now or in the future. No matter what they say in the shit you do not read before typing I Agree.
Playing on a game does involve some risk. Including, yes, that you may encounter people who are gross enough to try and extrapolate your location or put together pieces of various conversations in order to engage in harassment of you by calling CPS, tracking down and harassing spouses, looking up cell phone numbers for further off game harassment/pressure (I have had this happen to close online and RL friends over the years!). Will it happen to everyone, no. Will everyone see this happen, no. Is it enough for some people to never play a mush? Yes, and I respect that.
I also think that sometimes people forget how small the degrees of separation in who you know in the mush community are. So even if you only share personal info with a handful of people in your entire mushing experience chances are a much wider circle of people than you expect knows things like your name, where you live, your family structure, ect. Even people you loathe and wouldnt tell a thing.
But I personally think that is a risk in any social activity. My RL stalker located me on a professional license registry that I am required by law to be on as long as I was licensed by the state and used me to track down and show up at my business. He used the transparency and public disclosure requirements of my state to find out about my volunteer service in a local political party (as an elected official and board member of the party) and then showed up at a meeting. I guess we should say if you do not want a stalker to show up to get he face to face interaction they want from you, you shouldn't have decided to be a professional with a license, nor should you serve in any kind of publicly disclosed organization (like a non profit board either--i found out later he showed up at a PTA event that I was chairing the committee of too). I did quit 2 of the 3 things because it was terrifying to have that happen. And I'm sure there are some people who think that because I put myself out there in that way that of course I cant complain about that happening as it's all my fault for not locking down.
I just do not think that's a reasonable viewpoint for how most people live their lives.
I view mushing as I do any other social hobby. There is a risk that you are going to meet some not very nice people. And even some deeply disturbed or malicious ones. You have to decide your own boundaries, and you also have to understand how they can be breached beyond your control (like a mutual friend chatting about you, or you venting to someone about a third party not realizing that person is that third party's long term friend, ect) as far as things "getting out."
Most of the privacy breaches I've seen that cause significant damage are less about staff secretly recording or wanking off by being a peeping tom (super gross) and enjoying knowing that would freak people out if they knew/when they disclosed it, but people using information (true or false in malicious ways). I do not think a privacy policy will prevent that for the people who like doing that. Maybe it can set some behavioral best practices for everyone else though.
Mostly, I deal with this stuff by trying to only play on games where I feel that I can trust staff enough that I can talk to them about behavior that makes me uncomfortable or worried, and that whether or not I agree with or see the response I can trust that it will be noted in case there are other incidents.
I would rather see a "behavior breach response" policy than a list of promises that arent always in the control of the person making them.
-
@Ghost said in Privacy in gaming:
Do most MU-providers run on HTTPS and have certs? I wonder if their CA cert would allow the games on their servers to fall under the umbrella of that cert.
In my experience, it's not that simple. The MU server process will need access to the actual server certificate file, and those are usually locked down to root. There's a complicated dance I had to go through for Ares to make that work, and it still requires sudo access (which you aren't likely to get on a traditional MU provider). Also, depending on the way the cert is set up, it wouldn't apply to sub-domains.
mymush.somewhere.com
doesn't automatically get to piggyback off ofsomewhere.com
's certificate.@L-B-Heuschkel said in Privacy in gaming:
They're both very important discussions, but they are not interchangeable at all.
I would argue that there are several separate topics at play here:
- What can be done on a tech level to better protect the transmission and storage of data (e.g. @Ghost's SSL stuff, talking about database security, etc.)
- What can be done by ethical staff to establish solid privacy practices to protect themselves and their players.
- What can be done to guard yourself against unethical staff snooping without any justification and/or abusing your private data (IP, email, any info gleaned from OOC chatter or RP) for their own ends.
It's good to remember that the latter problem exists, but we're not going to get much mileage out of it. As @Derp points out there's precious little you can do beyond leave.
-
I think this conversation is a valuable one to have, even on a cyclical basis, much like the conversations we continually have with our teens about online safety (now mine are old enough and tech savvy enough that I think I personally get more information than any I dispense). It is easy to forget/get sloppy about. And risk adversity goes up and down, and can be circumstantial. Even if the problem is not "solved." It is stil important imo to think about and personally re/evaluate from time to time whether you're a player or admin.
-
@Thenomain said in Privacy in gaming:
@Auspice said in Privacy in gaming:
You are literally sending data over an unprotected means of communication.
If I leave my house unlocked, you are still trespassing if you enter it uninvited.
The technicalities of this are only part of the equation; the other part is expectation.
Honestly, the argument on whether or not players should expect some privacy has made me sick. The answer is not “you are on an unprotected server therefore you should expect none”, the answer is, “I have no interest in the work involved in protecting you from privacy violations, so expect that there are none.”
There’s a reason we don’t allow cameras in bathrooms in ... well, not in Ohio, and I’m hoping that’s everywhere else. Technically there’s nothing stopping people. Hell, the wall between urinals is barely enough to keep someone from staring.
We punish people who do things that are technically possible all the time. The idea that “it’s possible therefore it’s allowed” is what makes me angry.
There are many other reasons to not expect privacy on a Mu*, but “because we can” isn’t one of them.
That isn't even the point I was making.
The issue is that often, when this comes up (something something someone finds out that data is being or can be recorded), there's an outcry of 'oh my god why was this allowed?!' and it comes down to:
this is data being sent over an unsecured connection.Just like what I am posting, right now, is going to an unsecured site.
Would I be furious if Arkandel used it for nefarious purposes? Yes, of course I would. But I'm not waltzing in expecting the forum equivalent of Fort Knox and that is what I think people need to stop doing. They need to stop going on games assuming that just because they go 'p name=hey baby lemme show you my dick' it is somehow 'OMG HOW DID STAFF GO AND FIND EVIDENCE I HARASSED THAT PERSON'
(see how it can be used sometimes in your favor, too???)
No, I am not saying 'because it's unsecure OH WELL DEAL WITH IT IF SOMETHING BAD HAPPENS'
My point is: there is something to be done on both ends of the equation.Don't log onto a game expecting everything to be 100% secure (don't give out personal details on a game, leave a game if you find out staff is hella shady). If you run a game, consider a mission statement in which you promise players some level of privacy (we won't drill a peeping hole into your TS spaces, we won't check any server data/logs/flip on SUSPECT flags unless absolutely necessary).
-
You are literally agreeing with me.
-
@Thenomain said in Privacy in gaming:
If I leave my house unlocked, you are still trespassing if you enter it uninvited.
I think this is the wrong analogy for a MU.
It's more like... If you come into my house for a party and I have a security system.
Is it unethical for me to monitor my home? Of course not. The ethics are around how I gather and use that footage.
Creeping on people in the bathroom? Eeew. Clearly awful.
Reviewing the footage from a particular night to verify Jane's tale when she claims that John assaulted her? I think that's perfectly valid.
Combing through footage of guests at a party and eavesdropping on conversations they presumed were private? That's just a jerk thing to do, even if it is your house.
-
@Thenomain said in Privacy in gaming:
You are literally agreeing with me.
which is fine! But it looked like you were trying to call me out as being wrong and I wanted to clarify that hey, I was never once trying to say 'WELP. IT'S UNSECURE SO DEAL.' but instead 'it's unsecure so keep that in mind.'
-
@faraday said in Privacy in gaming:
@Thenomain said in Privacy in gaming:
If I leave my house unlocked, you are still trespassing if you enter it uninvited.
I think this is the wrong analogy for a MU.
It's more like... If you come into my house for a party and I have a security system.
Is it unethical for me to monitor my home? Of course not. The ethics are around how you gather and use that footage.
Creeping on people in the bathroom? Eeew. Clearly awful.
Reviewing the footage from a particular night to verify Jane's tale when she claims that John assaulted her? I think that's perfectly valid.
Combing through footage of guests at a party and eavesdropping on conversations they presumed were private? That's just a jerk thing to do, even if it is your house.
I do like this analogy much more.
Primarily because if someone commits a crime on your game (such as sharing underage pornography), you could be investigated as well because your game/server were utilized. Are you likely to be convicted? No. But it's still not going to be a fun time. So I'd like a level of awareness into what is going on and the ability to go 'Wait, you're telling me you have cause to believe SoandSo is engaged in wrongdoing? OK, thank you for telling me: I'll keep an eye on things.'
-
That is a much better analogy, yes, but I still want to make my point clearer than the analogy: Just because something is technically possible does not mean we should take it as justifiable.
Your example includes this (to be fair, so does mine), but again I think we as netizens or even as full world citizens should be able to discuss rights intelligently.