Saving Pages to the Database
-
@Sparks Yes, in retrospect this would fit better on-demand logging than being the default for everyday PMs.
The other advantage of logging this sort of thing server-side in general though is it takes the he-said she-said question out of the equation. No one can forge logs any more.
-
@Sparks said in Saving Pages to the Database:
this just doesn't seem a practical place to use public key encryption
That's exactly right. Even if you have to pass the key to decrypt your pages, you're still passing it to the game, and thus effectively giving nefarious staff access to your key - and your pages - anyway.
Not to mention the fact that a nefarious staff could still intercept the page and log it before it was encrypted and saved to the database in the first place.
Encryption might make people feel a little better, but it's not really a viable protection in this case.
-
@faraday — Moreover, trying to use encryption here only provides an illusion of security, which is actually worse than no security at all in my opinion. If you're aware there's no security in a system you can set your expectations accordingly. But if you think there is security, then you feel even more upset and betrayed if that so-called security is proven to consist of little more than a polite request of "plz no snoop".
-
Ultimately I think that @krmbm has made the real point here. If you don't trust your staff not to do this unethically, play somewhere else instead.
-
This also doesn't feel a ton different than having mail on the webportal, which from what I've seen nobody's seemed bothered by (and its just emphasized how awk it is to work most mail systems through a standard client connection).
-
Also, if you gotta be weird/creepy/flirty/TS-crazy/WHATEVER.....
There's Discord for that.
I mean, if you're gonna do that, at least be smart about it. It's no fun mocking people for that kind because they just don't know any better. C'mon.
-
Players should either trust the staff on the game or not play there. If they don't, 'hardcoded' pages have never been the security guarantee people act like they are, and game runners always have had the ability to log every bit of text you enter with or without your knowledge.
If I ever ran a serious enough game for it to matter, I'd log everything. I might set some policies about when certain categories of logs would be referenced (ie, only in the case of harassment complaints, hacking threats, RP only if flagged public, whatever) and how long logs would be retained, but otherwise I have 0 problem with people logging everything and treat all staff like Firan staff in terms of my expectation of personal privacy.
In your case, the ability to make technological progress is far more valuable. Turning previously 'transitory' elements like pages and poses into database objects is a necessary leap for various enhancements of the mushing experience. There's no way around that if you want access to certain features and it's not worth upholding some ancient etiquette that was always a false promise anyway.
-
@bored said in Saving Pages to the Database:
Players should either trust the staff on the game or not play there.
I would argue that any coded 'enhancements' to a codebase itself should be to remove trusting staff, and reliance on staff, from the equation as much as possible.
@Testament said in Saving Pages to the Database:
Also, if you gotta be weird/creepy/flirty/TS-crazy/WHATEVER.....
There's Discord for that.There's RP for that. Do it IC or don't do it at all. If you want to text-fuck, own it.
He/Him
-
@Tinuviel There's discussion upthread about encryption methods the practicality of using using those to achieve both the shiny-new tech and some degree of privacy for the users (although I still view it as a weak promise when one party controls the server). Obviously, if they can achieve the best of both worlds, I don't object to this out of pure malice or something?
But as someone who's had Observers pop out when they struck their tent, I am not that concerned about preserving my thin privacy protections on these games.
-
@Tinuviel said in Saving Pages to the Database:
I would argue that any coded 'enhancements' to a codebase itself should be to remove trusting staff, and reliance on staff, from the equation as much as possible.
Sure, but removing them completely is impossible. If staff controls the server, they have access to every byte of data sent to and from it. Full stop.
That said, the proposed features are about letting players access their own pages in new ways. That doesn't include staff having a command to randomly snoop on pages. Code staff with database access could poke around and find things. There's no practical way around that, as @Sparks and I pointed out earlier. But "someone with high enough permissions can dig it out of the database" doesn't mean easy access for everyone.
-
I kinda think of this like the PMs on a place like this. They're more persistent, I gather that if the mods/admins need to access them for some reason, they can. If it doesn't bother me here? Doesn't bother me on a game, either.
-
With most games using insecure telnet and most players unaware that many of their characters/info may have traveled to one dateabase to another every time someone "steals" a codebase...I don't see why it's such a big deal.
Fact is, theres a lot of willful ignorance to just how easy it would be for these games to spy on your pages/role play anyway.
People should always assume that without a signed EULA on insecure tech that everything you're doing is potentially recorded/intercepted, and not to send anything over a MU that you wouldn't want staff or someone else who uses the PC/network to know about.
Delete the Hog Pit. It'll be fun.
I really don't understand He-Man -
@Ghost said in Saving Pages to the Database:
Fact is, theres a lot of willful ignorance to just how easy it would be for these games to spy on your pages/role play anyway.
I don't think it's ignorance, at least not from this crowd. It's more "but that's not how it's supposed to be done."
He/Him
-
@Tinuviel said in Saving Pages to the Database:
@Ghost said in Saving Pages to the Database:
Fact is, theres a lot of willful ignorance to just how easy it would be for these games to spy on your pages/role play anyway.
I don't think it's ignorance, at least not from this crowd. It's more "but that's not how it's supposed to be done."
I meant it more like drinking soda or smoking cigarettes.
There are negatives, but the negatives get overlooked in lieu of the enjoyment they (cigarettes, etc) can bring.
You take it on faith that staff, who you may or may not know, aren't reading pages, invisible and watching you TS, or saving your conversations with personal info. You resign to I'll...raise hell on MSB if I find out, but ultimately it's about faith and ignoring the negative/risks for the benefit.
Delete the Hog Pit. It'll be fun.
I really don't understand He-Man -
@Ghost said in Saving Pages to the Database:
I meant it more like drinking soda or smoking cigarettes.
Still not really an apt analogy. Some folks don't know those things are bad for you. We all know that spying on pages or roleplay is simple for anyone with half a brain cell. We also know that it's generally regarded as a violation of ethics.
So it's not that we're ignorant of the fact, it's that we hold people to a standard and assume it will be met.
-
Just throwing this out there, but RHOST already has something akin to this, sort-of, the @snoop feature which allows staff to view all activity of any player registered to them, including inputs and pages. That being said, people still play on RHOST servers. It really has to do with trust vs capability. If they trust the staff, it doesn't matter really what the staff can or cannot do.
Pay no attention to me. I'm old, jaded and generally unfriendly. I am prone to fits of stupidity, but I am still unique, just like everyone else. ~~ Current President of the Anti-Faraday fan club.
-
@Seamus said in Saving Pages to the Database:
Just throwing this out there, but RHOST already has something akin to this, sort-of, the @snoop feature which allows staff to view all activity of any player registered to them, including inputs and pages.
Fairly sure most, if not all, codebases do.
-
@faraday said in Saving Pages to the Database:
What I'm really asking is whether the illusion of private pages is important enough to players that they would not want to play on a game that was explicit about the fact that they're saved to the database.
@ZombieGenesis said in Saving Pages to the Database:
I'd be all for it. Anything nasty I have to say about a game I say to people via some other messenger service anyway.
@Ghost said in Saving Pages to the Database:
You take it on faith that staff, who you may or may not know, aren't reading pages, invisible and watching you TS, or saving your conversations with personal info. You resign to I'll...raise hell on MSB if I find out, but ultimately it's about faith and ignoring the negative/risks for the benefit.
I think these all sum it up for me. Late to the tea party as usual. I've seen a few similar such discussions on MUSH when talking about administrating a penn game and actually using the suspect/monitor flags. It's about the ethics more than anything else. Because staff can do some of that doesn't mean they should. Really there's no recourse other than broken trust if staff are found out. Secondary to that, I'm in the boat if I want to throw shade at staff, I do it off site.
I think as long as its explicit, pages are recorded, I'd play on the game, and yes, the others already have it as an optional switch staff can flip anytime they like (monitoring pages). I don't think its going to create any measurable loss of players who would play with that fact expressed. Staff can set up policy on the why/how they would check pages and if it comes out there was something shady, players can raise the mistrust by telling friends about staff or posting here, etc.
-
@Seamus said in Saving Pages to the Database:
Just throwing this out there, but RHOST already has something akin to this, sort-of, the @snoop feature which allows staff to view all activity of any player registered to them, including inputs and pages. That being said, people still play on RHOST servers. It really has to do with trust vs capability. If they trust the staff, it doesn't matter really what the staff can or cannot do.
Penn has the same thing with the SUSPECT flag, but both of those must be enabled on an individual player-by-player basis. In the past, the idea that some games might turn it on wholesale for everyone has gotten some serious ethical side-eye -- even if nobody was actually looking at the logs except in cases of reported harassment.
-
That's the thing, the Suspect flag logs it. The @snoop feature is live monitoring. As it comes across while the pages and stuff are happening. To me that's a big distinction, one is logged for later viewing if needed. The other is full on "snoop"ing.
