Posts made by Ghost

@L-B-Heuschkel Meier and Carmila were amazing in Bloodlust

I think there could be some truth that the format is obsolete and having trouble adapting to modern security and privacy models. @faraday is right that upgrading standup of a game would be more difficult with SSH, and probably slightly more expensive.

What I'm seeing, though, is that privacy from a computer vulnerability standpoint (regardless of other risks) isnt as critical to MU players as the immediate privacy factor of staff snooping.

Forgive me if this seems presumptuous, but I kind of feel like the typical MU'er KNOWS there's privacy problems going in, but still does it anyway, and it's just constantly taken on good faith that their "private stuff" on games is private, even when there's a bazillion ways (right on down to staff backtracing IPs, email addresses, watching page streams, setting invisible and teleporting into scene room) that it could EASILY be spied on.

What is a little perplexing to me is that there are things on these games considered important enough to be kept secret, at least outside of "plot-type secrets only staff and players should know". Yet the concern still seems less for other players learning their IC secrets than it does being watched by unknown persons.

@Wretched Well, the tech stuff I was talking about was just a reminder that technically staff snooping isn't the only privacy concern.

Much to my dislike, I think Corporate HR provides a mindset that might make a fair policy on how and when staff monitor people's MU time. I imagine it could be something like:

• If staff receives a complaint that they feel requires investigation via observation (corporatese for spying), then staff will log that they are doing so in transparency with other staff for no less than X hours/days. All non-pertinent information logged will be destroyed afterwards, and will not be shared by any players non-essential to reviewing the complaint.

Or, for short:

• Staff cant arbitrarily snoop without all staff knowing
• Staff cant snoop indefinitely
• Staff cant share what they find with MSB
• Any PII or stuff not related to the problem isn't saved to a hard drive

@faraday Hrm.

Do most MU-providers run on HTTPS and have certs? I wonder if their CA cert would allow the games on their servers to fall under the umbrella of that cert.

Granted, then if the MU provider slacked in upkeep of their cert then MU users would have to fall back on telnet.

Still wouldn't protect from on-game snooping, though.

The reason I bring this up is because all telnet port concerns aside, you gotta ask questions, like: "If I'm in a TS scene and a staffer who hates me collects my IP information or pages, what's to stop them from using the DB as a data aggregator that results in my spouse being found on FB and logs of my TS being sent to them?"

Sure, it's an extreme case, but when discussing privacy it's those kinds of questions that can create good policies and security standards.

@faraday said in Privacy in gaming:

SSH won't protect you from the game owners snooping though.

True. At that point you delve into whether a MU applies as developed software and should have some form of EULA that describes right to privacy and how/when (and user agrees to) the app owner can breach that privacy.

In theory, if someone pages another person with their name and phone number, that information sticks to the DB, then someone with access to the DB utilizes that in some kind of crime, there could be ramifications, there. I'm no lawyer, but this seems a sound assumption.

@Alamias Most modern clients support SSH, and ive heard of a few games that tested it. SSH encrypts the entirety of the message, including users/password authentication. The settings are always around there somewhere.

@Sunny in theory, written policies on how staff collect, snoop, and share data transmitted to and from the MU isn't a horrible thing to make into a standard.

@Arkandel Perhaps, but let's take it a little deeper.

In theory any online service that communicates with persons in the EU falls under the GDPR, even if monetary transactions aren't taking place. Per the GDPR any processor or controller of PII (personally identifying information) of EU citizens must disclose what is being collected, what is getting logged, how long it will log for, how it will be shared, and can only collect/keep as much is necessary for the service to take place.

So, in theory, since the GDPR considers IP addresses to be PII, it wouldn't be out of bounds for a citizen of the EU to demand an audit of a MU for any PII of theirs that was collected, shared, etc.

I know the topic is in regards to privacy in terms of "reading someone's poses", but between using telnet and the fact that most game runners don't even know what info is kept/collected (or whether or not that DB stolen from the old WoD game was made to make a new one) there's a chance that plenty of stuff exists in storage on these games that people may not wanto be collected.

Everyone who play these games should absolutely assume that staff, players, people snooping their connection, etc are able to read their TS, because it really is an insecure hobby with a shitload of "PII collecting gray area". Most people care a lot about policies regarding behavior/staff snooping, but tend to not think to ask about whether or not staff are aware of or have an eyeball on how their PII is controlled or TS logs are able to be read by Swedish 16 year olds with warez that were obsolete almost 15 years ago.

@Auspice Thank you. Repeating record, here.

MU transmissions sent over telnet port 23 are transmitted in plaintext and highly susceptible to keystroke loggers, password sniffing, and other forms of interception. Telnet is the current MU standard, replaced in every other industry by SSH around 2005 due to horrific vulnerabilities.

I can only surmise that since people don't seem to worry about this (but are horrifed that staffers or other players could be reading their TS) that the emphasis on privacy is more related to feelings on persons within the community than about 3rd party snooping or spouses using spyware.

As I understand it, the reason people don't like staff monitoring/logging is because of risk of unethical use on staff's part, and in most cases headstaff aren't exactly removable; they can actually ban you for calling them out on shady things. There are a lot of known cases of staff perv-monitoring TS or monitoring pages of people they don't like to fish for ban-bait.

On the other side of the coin, it seems reasonable to me that people might not also lile stafd monitoring because not every accusation is ground in fact. There are shit stirrers. Nobody wants to have their TS read because some crazy made a baseless accusation.

Yet, having said this, I think it's a smart policy for staff to reserve the right to "monitor" based on accusations regardless, so long as it is done transparently with staff and with respect to the person being monitored. Keeping this in play gives staff a useful tool to protect their players from bad behavior.

@Derp said in Recent banning:

@Ghost said in Recent banning:

jb4i48vuHABnw9c8!#34

How did you find my e-mail password?!?

No lie. My middle name is literally "BruteForce".

@faraday I've done that before. Change the password to some random pounding of keys like jb4i48vuHABnw9c8!#34 and then logout.

"Out of sight/out of mind" isn't as effective as "Out of sight/No longer has keys to the house even if it comes back to mind". I respect staff just letting us know they requested the ban and that the banning isn't because of some other issue. People do love a good mystery.

@insomniac7809 I agree with that. That's fair.

@Tinuviel said in The ethics of IC romance, TS, etc:

@Ghost That... you know 'log' is slang for poop, right?

Well, yeah, but it's also a term for a cylindrical chunk of wood. Like a...you know...penis.

@Tinuviel said in The ethics of IC romance, TS, etc:

And people here have long memories. Or logs.

Passed my willpower check on this one. I didn't make a dick joke here, and want credit for not making it.

But if I had, it would have been: "And no one likes short logs on a Saturday night, right gang???"

But I didn't.

So I'm proud.

You know you're on a weird/deep wikipedia dive when you think: "I wonder whatever happened to Jackée from that 227 TV show?"

@Ganymede I would, too. Only...you know.

Being on hand to back up people getting pressured into sexual situations or trying to simulate sexual situations without consent is a worthy cause.

@DareDaemon said in TS - Danger zone:

You don't have the right to tell staff that they have to adjudicate textfucking if people have some gripes about what happened during their textfucking. Insisting that as staff that's part of my job, is fucking disgusting.

I agree with @Tinuviel

It sucks to have to get all staffy, but unfortunately there are ooc pressures and some pretty extreme behaviors that happen surrounding TS that it's important for staff to enforce those sorts of things as policy.

Staff settling some kind of IC tryst drama? Nah.

Staff settling someone trying to rape their character ICly? Absolutely.

Are there any more games left that prohibit TS? Sounds like a bad investment idea on the part of the people who took the time to stand the game up.