ESI Scopes that let others read your entire mail box

ESI Scopes. I trust you are familiar with those? These are employed by various external sites where you can allow them access to various bits of data from your character and in return be offered specialized services. Also, more on the point, other corporations as well.
And among all the various data you can give up, there is also your entire mailbox.

Allow me to be blunt here… >who< thought that this was a good idea?

I can understand if you want to count how many Merlins someone has ingame. That’s fine, all ingame stuff. This is completely invasive as well of course, but it’s just game stuff, whatever. Fine. It does have its uses.

But reading my entire mailbox? Are you, sorry to say this, out of your mind? And I’m not just saying this to the corpos that enable that. I’m saying this to the developers who actually implemented this into the game.

Maybe in some parts of the world, the idea that private emails between two individuals remain private is considered a highly esoteric concept, along the lines of witchcraft.
But in this part of the world where I am currently residing in the year of 2023, it is actually expected. Crazy!

And this happy giveaway of all your personal communication isn’t even particularly marked either!! It’s just another ESI scope, like all the rest, except for counting your Merlins, it’s reading every single letter you ever sent AND received.
Do I need to state the obvious? Sensitive data? It’s an MMO, you’re talking to people, you share some opinions, maybe you get to know them better, and you as a Developer (!) purposefully build in the possiblity(!!!), that 3rd parties can intercept every single bit of that communication???

And apparently, even all of your deleted messages???!!

I mean, I don’t mean to step too close to you. You are working very hard to create a great game and all, and it is one I appreciate.
But, just that we have a common ground here, and you know, just so we can understand each other, a common denominator if you will… you are aware (?) that access to someone’s private communication would, in most games, be considered a massive security breach ?
That leaking of someone’s private and personal data is in most countries a criminal offense even ?
I mean, outside of Iceland, apparently.

Can you see how this might ruffle some feathers with other users? I don’t mean to cause an offense, just asking, I’m just genuinely curious.
Curious like a cat, wondering why you would ever give strangers in an MMO game the power to read ALL (!!!) your private mails. AND also read your entire friendslist AND your individual standing with them, that’s also a thing that exists!

What do you guys think? Am I the crazy one here? Am I overreacting, being a Karen? Should I call the manager?
Or do some of you perhaps share the slightest bit of similiar concerns even? Let me know!

With confidential regards
-James Fuchs

If they are really that private, use a platform with actual security and not a game, nothing is private in a virtual game. Pretty sure that’s stated in the TOS/EULA.

This game is a game that encourages espionage and sabotage. To counter that, corps can do background checks, checking for suspicious mails, wallet transactions, or anything else that connects to known bad actors. EVE allows for both play and counter play.

I must delete all letters regarding Princess Aiko this very second.

@James_Fuchs It’s a bit late to talk about Privacy online these days and yes, an online game is no different than the internet. By logging in anywhere online you let “third parties” see all your info and owning a phone means that everyone who’s supposed to have your data has it, that’s from your local police precinct up to state prosecutors and all the other ABC agencies in-between including the international ones. Even your ISP has orders to give up your info.

I think it’s waaaaay too late to moan about it now.
If you don’t want stuff about yourself be broadcast then simply do not write/do it.

The ESI is too much, reading all that and contacts, all your wallet transactions, spying on all your alts, and people can hoard all this information.

Nowadays evey petty alliances ask all those, who knows what they will do in the future when you are not in the alliance anymore

Except that you can control who sees that info and turn off access once you do give access. No one is forcing you to join that corp or alliance in the first place.

Also considering all aspects within eve online is ccp property, anything you truly want private should be out of game

Say no, and join another corp. Not that hard.

I’ve used various ESI services to access my Evemail while away from the client, and for that they need ESI scopes. These services could make copies of my mail and save them for later, but probably didn’t.

If you’re a developer, then you could develop your own ESI app, or you can use an open source project that you self host so that you can use those scopes in a more secure way.

Like many things in Eve, giving away access to ESI scopes is all about making informed and responsible decisions about to whom you give your trust, and poor decisions lead to poor results, but the responsibility to understand what it is that you’re doing with your information remains your own. Don’t authorize people you don’t trust to access information you don’t want them to have.

Back in the day there was a “Facebook for Eve Online” as part of Hilmar’s perpetual chase after the latest tech fad. It was a CCP-created website social network for your Eve Character that let you do social interactions without logging into the game. This included sending, receiving, and managing your Eve Mail. They also exposed this as part of the old CRUST API or was already exposed as an API back in the day, but this was useful for Spacebook (aka Eve Gate? (aka EveO?)).

Io Koval liked this post

Wait a minute

yeah that was a smart idea

While I understand the point you’re trying to make about the general erosion of privacy in the digital age, there’s an important distinction to be drawn here.

When we log onto the internet, use a phone, or employ any digital service, there’s a certain level of understanding that our data could potentially be accessed by service providers or, under specific legal circumstances, law enforcement. That being said, there’s also an implicit trust that these entities will handle our data responsibly and not misuse it.
How does an in-game guild or corporation shape up to that level of trust or accountability? It doesn’t.
You’re not giving out your data to a trusted police officer. You’re giving it to a deranged sociopath who will immediately leverage the information gained against you to maximum effect. These two are not compareable.

Yes, agencies or ISPs might have access to certain data. Still, there’s a considerable difference between regulated entities accessing data for specific, often legally constrained reasons, and some cheesewad in a corp having unfettered access to ALL your personal in-game communications, even the deleted ones. The risks inherent with the latter need no explaining, hopefully??!

Sienna, with all due respect, I think it’s absurd to expect players to engage in a cat and mouse game with the developers, continually second-guessing if their private, confidential conversations have been plastered across subreddits or become the MOTD of numerous corpo chats.
One of the primary tasks of a developer, apart from enhancing gameplay, should be to safeguard user privacy and ensure a trusted environment. It shouldn’t be a god damn E-Sports game to keep your own messages to and from other users secure, I mean, isn’t this ridiculous? Don’t you see how absurd this is?

And just because there’s a broad erosion of privacy in many aspects of the digital world doesn’t mean we should be complacent about it everywhere. If there’s a potential risk or oversight in a game, especially one that can be easily rectified, shouldn’t we address it rather than accept it as the status quo?

You are right about one thing though, it is late to talk about this.
But it’s certainly never too late.

In essence, while I respect your perspective, I believe it’s more important to open our mouths and point out shortcomings where we can. There’s no reason why this shouldn’t be changed, and quite frankly, there’s plenty of reasons why it should.

With secure regards
-James Fuchs

I am honestly a bit surpirsed. I would have expected more from a student of Clausewitz! Seems you were not very troughout in your studies!

While you make it seem like a really obvious and easy choice to join or not join these corporations, the implications of this feature are much broader than just personal choice.

When one corporation starts utilizing a particular advantage, especially one as significant as access to private communications, it pressures other corporations to adopt the same practices. Why? Simply to remain competitive. And you can’t tell me that there is a lack of competition in Eve Online, or spies for that matter.

Over time, this leads to a game environment where these invasive practices become the norm, not the exception. For players, this translates to fewer and fewer options for corporations that respect privacy, making the “choice” you mention quite illusory (!!) (can’t increase the font size, or else I would have).

To reiterate, it’s a snowball effect. Today, one corporation demands your mails. Tomorrow, to maintain a competitive edge, others will be compelled to do the same. It’s not just about avoiding a single corporation… it’s about the broader evolution of the game’s social landscape, all because the developers provided a tool that is woefully misplaced.
It’s not necessarily with the corporations that I’m having a gripe with, because they have no other choice but to use every advantage they can get. It’s the developers that gave them this choice to begin with, and frankly, continues to escape all my attempts to understand why.

Moreover, should players honestly be expected to navigate this kind of ethical minefield in a game about blowing up ■■■■■■■ spaceships? The onus should be on the developers to ensure that the game’s features respect and protect player privacy, rather than placing the burden entirely on players to find out which corporation won’t immediately screw them over and redirect their entire mailbox to the MOTD.

With academic regards
-James Fuchs

You claim a snowball effect is going to happen…can you say when? This information has been available to corps and 3rd party developers for much of the game’s history. I think it would have snowballed by now. What is it you are trying to prevent? You should know that you are giving these people that information, and if your so concerned about private stuff on a video game…maybe don’t have those conversations on a video game platform.

I agree. It’s supposedly an anti spy measure used by corps, but then any good spy is going to be using a new account with no prior corp and no mails to anyone. So ironically the ESI works best on good old reliable long term corp members…lol.

Oh…and if you create that brand new spy alt you have to be careful not to have any contact with it in any form, even transfer of ISK, as it would seem that can be traced too.

I’m not sure why ANY such information is available to anyone. There might be some case for in-game interception of comms…but the sheer extent of it is rather absurd.

I wish I can just meet and mail my associates in privacy. Good dark poker room. Smell of cigars in the air. Discuss various business matters.

Darn ESI killing the businessman like me. Where is the humanity? I don’t like when people pry into my business. Please don’t tell me that ESI tracks private convos. I know chats are logged…

For what I recall, the pleasure palace was private.

And you don’t have to give them that data in the first place, just don’t agree to the scopes requested, there is no problem

You are assuming there is some competitive edge to ESI access. However, there is not. This is something carebear corporations do, because they are carebears. PvP players just refuse, and join corporations which don’t have silly policies.