Posts made by Ghost

@Derp Counterpoint:

I dont think anyone should be banned from the community or that such a DB should ever exist. People are fallible and bias is everywhere. Having said that there's definitely people out there who have been somewhat "proxy banned" from the community, or are on constant "SpiderWatch" that even if they're now the perfect roleplayer will forever wear that scarlet letter; at least to some players who vow to never forget/forgive.

When you're talking about punishment, public shaming, and how to deal with players, you have to take into account that like it or not some players have vowed never to even attempt to RP on some games if X or Y person has a character bit there, and the casual cyberstalking to try to sleigh-out who is who isn't considered stalking (though it probably should).

When I said that, I wasnt promoting the idea, but simply that there is no "central dbase of worst people ever", and even then it would be highly subjective. The best any game owner could do in my opinion is to dispassionately maintain a whitelist of who is allowed and who has been removed from the whitelist, since public shaming is messy and rife with inaccuracies.

Yet, I regularly see complaints about banned players sneaking back into games, constant hunts for banned players where innocent players can't log in due to using the same vpn service, and the harsh reality that there's really no central database of players banned from the community itself.

This is another argument for leaning towards newer technology, such as IPTables, and creating connection schemes for your MU to operate on a whitelist of "known OK" users.

In theory, getting access to the player zone of a game could involve everyone being forced to user guest-only accounts until approved, and then after approval being allowed into the whitelist of approved connection addresses where only known entities are allowed.

Public shaming is popular because it assumes that if you break the will of the user to no longer want to attempt to partake in the community that they'll stop, but we see some players take the alternate route of stalking and skulking about.

If you had more control over a whitelist like IP tables, you can make people stay away.

One of the issues MU has in terms of "rules" is that the goal posts constantly move, and there's a lot of subjective interpretation in play.

Example:

• Player well within their right to drop/re-cgen charbit as they see fit (generally considered okay)
• Player drops charbit for whatever reason (but not to cheat or break the rules) but it inconveniences a player (still well within the rules, but can result in ooc negativity on either the player's or inconvenienced player's part)
• Player regularly drops charbits to regen new charbits (still within the rules)

Now...

• TECHNICALLY a player who drops charbits when they get bored with an IC relationship, kills the character, then regens with a charbit that is specifically designed to woo a target charbit for an IC relationship is still TECHNICALLY well within their right to do so, but arguably disruptive to the game because it makes other players angry

So, in theory, a player who did stuff like this would suffer RP loss for shenanigans like that, and if they tried to push the issue via pages or ooc pressuring would definitely be in the wrong due to harassment policies, but dropping/rebuilding whatever character they please is well within the rules, so...handwobble. Technically if the player didn't harass and just kept dropping/rebuilding, it might not be popular, but it's not against the rules. The players should handle how they deal with this by simply...not RPing with the annoying player.

I think a lot of "justice seeking" happens for gray area stuff than actual rules/punishment can allow, so staff tend to get a lot of pressure from players to cockpunch other players for stuff that isn't in the rules at all, and if said pressure is not acted on in the way the jilted player feels results in backchannel retaliation against badPlayer and staff.

@Ganymede Well, there a few schools of thought on most MU.

1. IC Authority figures should be either staff PCs or played by staff-approved players to control how plot is driven, but then these PCs always have a crazy amount of plot armor.
2. IC authority figures can be played within each faction, but only factions who support staff-driven plot direction get the most attention.
3. No one's in charge ICly, but staff plot will likely still determine pass/fail on plot-centric actions

In all cases it's still pretty smart to follow along with staff wishes, because there are very few MUs where staff don't have some "plot vision" in mind and will let the chimps determine what happens to the zoo.

It's also very smart in any case to stay on staff's good side via what information is seen by staff. I rarely have seen someone who staff reviled still getting equal unbiased results compared to people who cheerlead staff.

@Derp Conflict of interest is such a weird concept on MUs, or at least the concept of bias and how it affects conflict of interest in ways we don't often discuss. Over the years I have seen bad staff feeding their alts (or alts of their friends) with OOC information to lubricate IC results.

Regardless, I think there's something to "snooping" being related to defending compartmentalization of information for better or worse. Kind of like how people freak out about being seen in their underwear but couldn't care less about being seen in a swimming suit that is virtually no different from underwear "because you CHOSE to be seen in that underwear".

People want to control what scenes are public knowledge because the IC content could be damaging either Oocly or ICly. People also want to control which pages are seen because they're considered (though aren't) private and they don't want their private information or potentially nasty OOC page communications getting back to the people they're talking about.

I think people like to compartmentalize who they make snide remarks or complain to others about based on the intended target of the message and worry about staff being aware of some of the stuff said. Oh, man, have I received some epic bitching about staff in pages...

@L-B-Heuschkel Meier and Carmila were amazing in Bloodlust

I think there could be some truth that the format is obsolete and having trouble adapting to modern security and privacy models. @faraday is right that upgrading standup of a game would be more difficult with SSH, and probably slightly more expensive.

What I'm seeing, though, is that privacy from a computer vulnerability standpoint (regardless of other risks) isnt as critical to MU players as the immediate privacy factor of staff snooping.

Forgive me if this seems presumptuous, but I kind of feel like the typical MU'er KNOWS there's privacy problems going in, but still does it anyway, and it's just constantly taken on good faith that their "private stuff" on games is private, even when there's a bazillion ways (right on down to staff backtracing IPs, email addresses, watching page streams, setting invisible and teleporting into scene room) that it could EASILY be spied on.

What is a little perplexing to me is that there are things on these games considered important enough to be kept secret, at least outside of "plot-type secrets only staff and players should know". Yet the concern still seems less for other players learning their IC secrets than it does being watched by unknown persons.

@Wretched Well, the tech stuff I was talking about was just a reminder that technically staff snooping isn't the only privacy concern.

Much to my dislike, I think Corporate HR provides a mindset that might make a fair policy on how and when staff monitor people's MU time. I imagine it could be something like:

• If staff receives a complaint that they feel requires investigation via observation (corporatese for spying), then staff will log that they are doing so in transparency with other staff for no less than X hours/days. All non-pertinent information logged will be destroyed afterwards, and will not be shared by any players non-essential to reviewing the complaint.

Or, for short:

• Staff cant arbitrarily snoop without all staff knowing
• Staff cant snoop indefinitely
• Staff cant share what they find with MSB
• Any PII or stuff not related to the problem isn't saved to a hard drive

@faraday Hrm.

Do most MU-providers run on HTTPS and have certs? I wonder if their CA cert would allow the games on their servers to fall under the umbrella of that cert.

Granted, then if the MU provider slacked in upkeep of their cert then MU users would have to fall back on telnet.

Still wouldn't protect from on-game snooping, though.

The reason I bring this up is because all telnet port concerns aside, you gotta ask questions, like: "If I'm in a TS scene and a staffer who hates me collects my IP information or pages, what's to stop them from using the DB as a data aggregator that results in my spouse being found on FB and logs of my TS being sent to them?"

Sure, it's an extreme case, but when discussing privacy it's those kinds of questions that can create good policies and security standards.

@faraday said in Privacy in gaming:

SSH won't protect you from the game owners snooping though.

True. At that point you delve into whether a MU applies as developed software and should have some form of EULA that describes right to privacy and how/when (and user agrees to) the app owner can breach that privacy.

In theory, if someone pages another person with their name and phone number, that information sticks to the DB, then someone with access to the DB utilizes that in some kind of crime, there could be ramifications, there. I'm no lawyer, but this seems a sound assumption.

@Alamias Most modern clients support SSH, and ive heard of a few games that tested it. SSH encrypts the entirety of the message, including users/password authentication. The settings are always around there somewhere.

@Sunny in theory, written policies on how staff collect, snoop, and share data transmitted to and from the MU isn't a horrible thing to make into a standard.

@Arkandel Perhaps, but let's take it a little deeper.

In theory any online service that communicates with persons in the EU falls under the GDPR, even if monetary transactions aren't taking place. Per the GDPR any processor or controller of PII (personally identifying information) of EU citizens must disclose what is being collected, what is getting logged, how long it will log for, how it will be shared, and can only collect/keep as much is necessary for the service to take place.

So, in theory, since the GDPR considers IP addresses to be PII, it wouldn't be out of bounds for a citizen of the EU to demand an audit of a MU for any PII of theirs that was collected, shared, etc.

I know the topic is in regards to privacy in terms of "reading someone's poses", but between using telnet and the fact that most game runners don't even know what info is kept/collected (or whether or not that DB stolen from the old WoD game was made to make a new one) there's a chance that plenty of stuff exists in storage on these games that people may not wanto be collected.

Everyone who play these games should absolutely assume that staff, players, people snooping their connection, etc are able to read their TS, because it really is an insecure hobby with a shitload of "PII collecting gray area". Most people care a lot about policies regarding behavior/staff snooping, but tend to not think to ask about whether or not staff are aware of or have an eyeball on how their PII is controlled or TS logs are able to be read by Swedish 16 year olds with warez that were obsolete almost 15 years ago.

@Auspice Thank you. Repeating record, here.

MU transmissions sent over telnet port 23 are transmitted in plaintext and highly susceptible to keystroke loggers, password sniffing, and other forms of interception. Telnet is the current MU standard, replaced in every other industry by SSH around 2005 due to horrific vulnerabilities.

I can only surmise that since people don't seem to worry about this (but are horrifed that staffers or other players could be reading their TS) that the emphasis on privacy is more related to feelings on persons within the community than about 3rd party snooping or spouses using spyware.

As I understand it, the reason people don't like staff monitoring/logging is because of risk of unethical use on staff's part, and in most cases headstaff aren't exactly removable; they can actually ban you for calling them out on shady things. There are a lot of known cases of staff perv-monitoring TS or monitoring pages of people they don't like to fish for ban-bait.

On the other side of the coin, it seems reasonable to me that people might not also lile stafd monitoring because not every accusation is ground in fact. There are shit stirrers. Nobody wants to have their TS read because some crazy made a baseless accusation.

Yet, having said this, I think it's a smart policy for staff to reserve the right to "monitor" based on accusations regardless, so long as it is done transparently with staff and with respect to the person being monitored. Keeping this in play gives staff a useful tool to protect their players from bad behavior.

@Derp said in Recent banning:

@Ghost said in Recent banning:

jb4i48vuHABnw9c8!#34

How did you find my e-mail password?!?

No lie. My middle name is literally "BruteForce".

@faraday I've done that before. Change the password to some random pounding of keys like jb4i48vuHABnw9c8!#34 and then logout.

"Out of sight/out of mind" isn't as effective as "Out of sight/No longer has keys to the house even if it comes back to mind". I respect staff just letting us know they requested the ban and that the banning isn't because of some other issue. People do love a good mystery.

@insomniac7809 I agree with that. That's fair.

@Tinuviel said in The ethics of IC romance, TS, etc:

@Ghost That... you know 'log' is slang for poop, right?

Well, yeah, but it's also a term for a cylindrical chunk of wood. Like a...you know...penis.