Check out this dev blog for the latest installment of regular information on security action from Team Security!
Interesting blog and explanation about the advancement of restrictions for botting accounts.
Regarding CCP communications: Why not just have CCP communications ticketed, so that VS someone posting information regarding a dev/ccp communications being taken out of context that they could (like an api) just be simply linked or referenced. The line 18 change of the EULA I can't help but see as "shady" as if I recall it was implemented shortly after the "T20/BoB" T2 Cheating / lotto rigging fiasco. Why not allow referenceable sources with official communication be allowed to be publicly reference-able "in context" via a link. Then people could misquote CCP all they wanted to with said link it wouldn't be taken out of context. It's not like people don't post it anyway, they usually just censor names/times anyhow. Which still if convincing (like a bad headline) still shines poorly on CCP. (in my opinion) Transparency is key.
http://www.escapistmagazine.com/articles/view/video-games/editorials/op-ed/847-Jumpgate-EVE-s-Devs-and-the-Friends-They-Keep for example… misquoted or original replies in this link? Who knows? CCP still comes off looking poorly.
Wait, so this whole time until now when people were getting bans they could xfer characters to another account? :
No. That was banned years ago. The new penalty is that they can't use skill extractors.
What is the definition of "bans related to account hijacking" ?
"hijacking" could only be account hack / takeover.
E: And I'm stunned by the number… it implies an even larger number of affected accounts. When an email takeover is involved in a hijack, a bunch of EVE accounts could be compromised at once. (Go 2FA!)
Fact of the matter is CCP still shows an affinity toward certain groups in-game and no matter how you spin it they have no internal security overlooking what their employees do or who they feed intel on future development or company plans.
Uh. There is literally a division of CCP called internal affairs. You can email them if you believe a CCP employee is showing bias.
Really appreciate you taking that feedback on the skill injectors and putting it into practice. I remember when I saw it being brought up, and CCP (forgot who) said it was a great idea and try to get that done. That's a sure way they would avoid the account strikes and ban that you are trying to stop the botting with.
As a normal player from China
I just know lots of players use bots
and other methods against EULA
but finally nothing happened…
The expanded clarification to section 18 is appreciated, I've bumped into a couple R00kies that are so scared of it that they were afraid to link CCP employees' Twitter handles in chat, thinking that would get them a ban hammer smack.
While hitting bots, RMT'ers & account thieves is great & 2FA would help on accounts staying in the hands of their proper owners, I'm still holding out for an authorization codes fob like the Blizzard/BattleNet ones. I'd be willing to plunk down $10-20 bucks for one so my 2FA isn't 100% tied to an email account to work. Half my accounts are on Yahoo emails, those are admitted to have been compromised in the Billion range now. A method outside repeated email checking for the 2FA blurb would be something I'd want!
Mikkhi
I welcome the banning and other severe restrictions against bots. Not sure how somebody would let their account get hijacked - just don't trust anybody enough to hand out your account creds. You might as well give them your credit card details, too…
You can get 2FA in a number of ways on a smart phone. RSA, SafeNet, Google Authenticator are just a few.
I'm glad you guys are taking action against botters. They're a plague in practically every well-known MMO. Coming from Runescape, I'm accustomed to harsh action being taken against bots and those who run them. But, Jagex's Botwatch program isn't perfect and it has permanently banned innocent people in the past.
Do you guys investigate every report of botting or do you have a system in place to monitor this sort of activity? What steps do you guys take to ensure no innocent person is accidentally banned for botting?
Delayed local will stop botting!!!
That's not a bad idea. We'll think about these things and maybe we'll end up making some changes down the line. There's a lot of factors to consider to make such a system safe, even just from accidents, as oftentimes tickets contain personal information that people divulge about themselves or others.
Complete lack of transparency isn't great for anyone involved. If the information firewall has no holes in it it also means that anyone can make all kinds of wild claims about how they were treated by us and hide behind the fact they're not allowed to share the communication. We reserve the right to call those people out and if anyone feels slighted by us, it's fair they get to call us out as well. Any general rules surrounding this just need to be sensible and protect against unintended consequences.
An active conversation about these things is a good start
In almost all cases the "hacked account" is just accessed with valid credentials because someone lost access to their E mail address in a big data leak somewhere. And yes, there are easy steps to protect those E mail accounts like 2FA and general diligence.
We have automatic detection methods in place but we manually confirm the ruling before banning someone. False positives are so rare for bot bans that we've almost never had actual false positives. We like to be very sure and we won't allow the machines to make the final decision until we trust them completely. They're very accurate today but we don't really accept collateral damage.