Posts made by Ghost

@Ganymede Well, there a few schools of thought on most MU.

1. IC Authority figures should be either staff PCs or played by staff-approved players to control how plot is driven, but then these PCs always have a crazy amount of plot armor.
2. IC authority figures can be played within each faction, but only factions who support staff-driven plot direction get the most attention.
3. No one's in charge ICly, but staff plot will likely still determine pass/fail on plot-centric actions

In all cases it's still pretty smart to follow along with staff wishes, because there are very few MUs where staff don't have some "plot vision" in mind and will let the chimps determine what happens to the zoo.

It's also very smart in any case to stay on staff's good side via what information is seen by staff. I rarely have seen someone who staff reviled still getting equal unbiased results compared to people who cheerlead staff.

@Derp Conflict of interest is such a weird concept on MUs, or at least the concept of bias and how it affects conflict of interest in ways we don't often discuss. Over the years I have seen bad staff feeding their alts (or alts of their friends) with OOC information to lubricate IC results.

Regardless, I think there's something to "snooping" being related to defending compartmentalization of information for better or worse. Kind of like how people freak out about being seen in their underwear but couldn't care less about being seen in a swimming suit that is virtually no different from underwear "because you CHOSE to be seen in that underwear".

People want to control what scenes are public knowledge because the IC content could be damaging either Oocly or ICly. People also want to control which pages are seen because they're considered (though aren't) private and they don't want their private information or potentially nasty OOC page communications getting back to the people they're talking about.

I think people like to compartmentalize who they make snide remarks or complain to others about based on the intended target of the message and worry about staff being aware of some of the stuff said. Oh, man, have I received some epic bitching about staff in pages...

@L-B-Heuschkel Meier and Carmila were amazing in Bloodlust

I think there could be some truth that the format is obsolete and having trouble adapting to modern security and privacy models. @faraday is right that upgrading standup of a game would be more difficult with SSH, and probably slightly more expensive.

What I'm seeing, though, is that privacy from a computer vulnerability standpoint (regardless of other risks) isnt as critical to MU players as the immediate privacy factor of staff snooping.

Forgive me if this seems presumptuous, but I kind of feel like the typical MU'er KNOWS there's privacy problems going in, but still does it anyway, and it's just constantly taken on good faith that their "private stuff" on games is private, even when there's a bazillion ways (right on down to staff backtracing IPs, email addresses, watching page streams, setting invisible and teleporting into scene room) that it could EASILY be spied on.

What is a little perplexing to me is that there are things on these games considered important enough to be kept secret, at least outside of "plot-type secrets only staff and players should know". Yet the concern still seems less for other players learning their IC secrets than it does being watched by unknown persons.

@Wretched Well, the tech stuff I was talking about was just a reminder that technically staff snooping isn't the only privacy concern.

Much to my dislike, I think Corporate HR provides a mindset that might make a fair policy on how and when staff monitor people's MU time. I imagine it could be something like:

• If staff receives a complaint that they feel requires investigation via observation (corporatese for spying), then staff will log that they are doing so in transparency with other staff for no less than X hours/days. All non-pertinent information logged will be destroyed afterwards, and will not be shared by any players non-essential to reviewing the complaint.

Or, for short:

• Staff cant arbitrarily snoop without all staff knowing
• Staff cant snoop indefinitely
• Staff cant share what they find with MSB
• Any PII or stuff not related to the problem isn't saved to a hard drive

@faraday Hrm.

Do most MU-providers run on HTTPS and have certs? I wonder if their CA cert would allow the games on their servers to fall under the umbrella of that cert.

Granted, then if the MU provider slacked in upkeep of their cert then MU users would have to fall back on telnet.

Still wouldn't protect from on-game snooping, though.

The reason I bring this up is because all telnet port concerns aside, you gotta ask questions, like: "If I'm in a TS scene and a staffer who hates me collects my IP information or pages, what's to stop them from using the DB as a data aggregator that results in my spouse being found on FB and logs of my TS being sent to them?"

Sure, it's an extreme case, but when discussing privacy it's those kinds of questions that can create good policies and security standards.

@faraday said in Privacy in gaming:

SSH won't protect you from the game owners snooping though.

True. At that point you delve into whether a MU applies as developed software and should have some form of EULA that describes right to privacy and how/when (and user agrees to) the app owner can breach that privacy.

In theory, if someone pages another person with their name and phone number, that information sticks to the DB, then someone with access to the DB utilizes that in some kind of crime, there could be ramifications, there. I'm no lawyer, but this seems a sound assumption.

@Alamias Most modern clients support SSH, and ive heard of a few games that tested it. SSH encrypts the entirety of the message, including users/password authentication. The settings are always around there somewhere.

@Sunny in theory, written policies on how staff collect, snoop, and share data transmitted to and from the MU isn't a horrible thing to make into a standard.

@Arkandel Perhaps, but let's take it a little deeper.

In theory any online service that communicates with persons in the EU falls under the GDPR, even if monetary transactions aren't taking place. Per the GDPR any processor or controller of PII (personally identifying information) of EU citizens must disclose what is being collected, what is getting logged, how long it will log for, how it will be shared, and can only collect/keep as much is necessary for the service to take place.

So, in theory, since the GDPR considers IP addresses to be PII, it wouldn't be out of bounds for a citizen of the EU to demand an audit of a MU for any PII of theirs that was collected, shared, etc.

I know the topic is in regards to privacy in terms of "reading someone's poses", but between using telnet and the fact that most game runners don't even know what info is kept/collected (or whether or not that DB stolen from the old WoD game was made to make a new one) there's a chance that plenty of stuff exists in storage on these games that people may not wanto be collected.

Everyone who play these games should absolutely assume that staff, players, people snooping their connection, etc are able to read their TS, because it really is an insecure hobby with a shitload of "PII collecting gray area". Most people care a lot about policies regarding behavior/staff snooping, but tend to not think to ask about whether or not staff are aware of or have an eyeball on how their PII is controlled or TS logs are able to be read by Swedish 16 year olds with warez that were obsolete almost 15 years ago.

@Auspice Thank you. Repeating record, here.

MU transmissions sent over telnet port 23 are transmitted in plaintext and highly susceptible to keystroke loggers, password sniffing, and other forms of interception. Telnet is the current MU standard, replaced in every other industry by SSH around 2005 due to horrific vulnerabilities.

I can only surmise that since people don't seem to worry about this (but are horrifed that staffers or other players could be reading their TS) that the emphasis on privacy is more related to feelings on persons within the community than about 3rd party snooping or spouses using spyware.

As I understand it, the reason people don't like staff monitoring/logging is because of risk of unethical use on staff's part, and in most cases headstaff aren't exactly removable; they can actually ban you for calling them out on shady things. There are a lot of known cases of staff perv-monitoring TS or monitoring pages of people they don't like to fish for ban-bait.

On the other side of the coin, it seems reasonable to me that people might not also lile stafd monitoring because not every accusation is ground in fact. There are shit stirrers. Nobody wants to have their TS read because some crazy made a baseless accusation.

Yet, having said this, I think it's a smart policy for staff to reserve the right to "monitor" based on accusations regardless, so long as it is done transparently with staff and with respect to the person being monitored. Keeping this in play gives staff a useful tool to protect their players from bad behavior.

@Derp said in Recent banning:

@Ghost said in Recent banning:

jb4i48vuHABnw9c8!#34

How did you find my e-mail password?!?

No lie. My middle name is literally "BruteForce".

@faraday I've done that before. Change the password to some random pounding of keys like jb4i48vuHABnw9c8!#34 and then logout.

"Out of sight/out of mind" isn't as effective as "Out of sight/No longer has keys to the house even if it comes back to mind". I respect staff just letting us know they requested the ban and that the banning isn't because of some other issue. People do love a good mystery.

@insomniac7809 I agree with that. That's fair.

@Tinuviel said in The ethics of IC romance, TS, etc:

@Ghost That... you know 'log' is slang for poop, right?

Well, yeah, but it's also a term for a cylindrical chunk of wood. Like a...you know...penis.

@Tinuviel said in The ethics of IC romance, TS, etc:

And people here have long memories. Or logs.

Passed my willpower check on this one. I didn't make a dick joke here, and want credit for not making it.

But if I had, it would have been: "And no one likes short logs on a Saturday night, right gang???"

But I didn't.

So I'm proud.

You know you're on a weird/deep wikipedia dive when you think: "I wonder whatever happened to Jackée from that 227 TV show?"

@Ganymede I would, too. Only...you know.

Being on hand to back up people getting pressured into sexual situations or trying to simulate sexual situations without consent is a worthy cause.