Corp Security Check


(Akmaund Askiras) #1

Hello. How can I check my applicants’ backgrounds with the new ESI system? I asked in help chat and they politely replied stating: an application has not yet been made public. I was just wondering then, how does a corp conduct security checks? Do I have to be a developer to have my own tools to do this? If I am not a developer, how then can I resolve this issue? Thanks for taking the time to read my question. Fly safe.


(ISD Sakimura) #2

It is true that no such tool yet exists which is using ESI. However what you can do is: request an EVESkillBoard.com link which you can then use to check the character’s Corp history. Though you can already see that ingame.

As CEO or Officer in a Corporation you do not want undesirables, such as spies (very hard to detect), into your corp, so one way of finding out if the player has bad intentions is to look at it’s corp history it is however not much to go on and with Characters swapping owners it makes it even harder. With the XML API you could at least know the names on all characters on the players account, ESI is different in this aspect as you can only get info on the character that does the SSO (login).

Until someone creates and publishes a tool to do security checks you will just have to try and ask the Player for the info and trust that the information is the truth. Trust is the most valuable commodity in EVE and also the hardest thing to acquire. I’m sure you have heard about a few of the many stories about players who have infiltrated a Corp, with months of planning and pretending to be legitimate, only to backstab the corporation/a player by stealing assets, emptying Wallets, transferring structures etc.

No, you do not need to be a developer. Anyone can have tools by having them connected via the https://developers.eveonline.com/

If a tool has yet to be made then you could be the one to make it, and possibly make a profit by asking for a small ISK fee for the use of it. Creating you own tools does require some knowledge in Programming Language(s), be that Web-programming, C/C++/C#, Java and so on…


(Ivory Harcourt) #3

https://beta.esiknife.space/

You cannot do checks on every character on the account though, it’s a “feature” of ESI.

Also, some hint about how to use it : https://www.reddit.com/r/Eve/comments/8tf1eh/esiknife_now_has_shareable_urls/


(Obil Que) #4

eve-hr.com


(Estuary Algaert) #5

Something to keep in mind, a large number of players have multiple accounts. The data you can access is limited to whatever accounts they provide you and it is unlikely a player with ill intent will give you that.

As said…


(Akmaund Askiras) #6

I really appreciate the replies folks! Thank you! This seems a bit complicated to me actually as I am just not that good with computers actually. That is unfortunate. I would like to learn and make my own tools so maybe that is what I will do.

I would just like to keep my corp safe and secure. I am aware of roles and how players can abuse them if you give them too much. I have no idea though, how to program an app that will tell me if this person is a spy or not…

I assume some other organizations out there, who have developers in them, have them? or are planning to make them?

If I cannot make them, would you trust an app that was a third party source with your corporations delicate security information?

I hate to say it it but a general rule of thumb is, if you are asking then you should already know its a bad idea…

This makes me feel kinda lost, as if so many other corps must be lost too. I mean by how do they secure their recruiting process now, unless they are developers themselves?

I will check the link provided, thank you VERY much everyone. Its good to know that I can no longer see the other characters on said members account unless they sign in with all characters thru the SSO. One way maybe would to require the member to sign in with all characters… thing is, is how do I know he has or has not made other characters on said account?


(Akmaund Askiras) #7

Can you further elaborate how this helps me check a characters background, or account verification? I did log in and am attempting to learn. I do see the recruitment area but it appears only to make an advertisement? Thanks for helping. :slight_smile:


(Akmaund Askiras) #8

I am reading the reddits and about section, I still have many questions to ask but I just got into eve-hr and am not stumped, so I asked my question related and will now attempt to check esiknife out. :slight_smile:


(Obil Que) #9

You create the application link and then give that to prospective recruits
They log on to the site via that link and authorize with ESI
EVE-HR then gives you, the recruiter, access to the information that was authorized with ESI

So basically like how the old XML API worked, just using ESI methods.


(Akmaund Askiras) #10

And being I am creating that link, I get to control what scopes I want access to?

EDIT: I’m just not seeing where I go to create that link. yet.


(Obil Que) #11

I don’t think so. I believe it just authorizes a comprehensive set. That would probably be a better question for the author on his discord.


(Akmaund Askiras) #12

I will check it out. I may become a patron as well. I do wish to know what happens to my information, like I had to log in so I authorized a bunch of READ scopes.

Thanks for your help.


(Dom Arkaral) #13

What if you only want those tho? :stuck_out_tongue_winking_eye:
cough


(Akmaund Askiras) #14

So a little digging around and I see that Eve-HR is not open source and not yet verified by a community to be safe. All ESI SSO data could be theoretically pulled into a database and sold or used somehow with intent.

nice going CCP


(Akmaund Askiras) #15

Okay so I had a chat with my roommate who is a Developer for his own security firm, and he says as far as he can tell the apps look legit. He also says the background data though can be compromised and easily copied. He said and Im paraphrasing here, Any third party application can be maliciously used to steal data from anyone who uses the ESI system.

So that in a nutshell spells it out for me. Its okay to use for video game stuff but if you are a CEO and giving your SSO data out, you better know who you are giving that data to, or trust them 100%. As for being a corp mate and applying to a corp, sure you can likely trust them with your data.

Its all about perspective and what is relative. I cannot compromise on my security for myself nor my corporation. This is all just a learning experience and I will adapt to secure changes where I learned new ways to secure myself and my assets.

I must say, CCP should make an ESI checker. and I will make a thread on that idea specifically in the ideas and features area.

So as long as you use third party SSO login for Scopes your good, but you need to trust the source. It would be easy to setup a database and save everyones information and sell it, you know who you are.


(Akmaund Askiras) #16

I just found this in another thread.
http://recruitment.zodiac-syndicate.space

Here is the thread.

I think this is pretty awesome. It requires only one scope to verify as a recruiter.


(Bonnie Stenier-Tian) #17

At some point I’ll remember to put a licence on the Git repository & link the code.

Trust & all that :wink:


(system) #18

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.