I was struck by a post on reddit the other day where a player suggested that his alliance check the ESI for his evemail to see that he was telling the truth about some event.
Seems like corps/alliances have been asking for full ESI access to all characters on all accounts. That means they’re getting things like:
All Eve Mails (is this even legal???)
A complete list of all blueprints, with their locations (not great if you, say, own a T2 BPO).
A complete list of all manufacturing jobs, with finish times.
All structures (POS or otherwise) owned by an altcorp.
Current wallet and SP totals.
What ship the character is flying where (and I think what cargo).
All of my assets, with their locations.
I really don’t want my corp/alliance reading my mail. Also the idea that a former corp or alliance might know that my hauler alt is moving some high value produced items (as well as when my jobs finish), is a bit disturbing.
CCP should change their use policy (and enforce it) to restrict what data third parties can request for their own use. Setting up an automated forum login and the checks to see if I’m in the corp/alliance and pulls my character portrait is ok. Reading my EvE mail is not.
Such extensive security measures are a necessary thing when attempting to combat spies, Sabotage , as well as granting access to possible sensitive Corp information, etc. unfortunately eve has its fair share of skullduggery, so any corporation or alliance with even a modicum of wealth of any kind should be closely monitoring and screening on a continuing basis any attempts to harm the corporation or alliance as a whole, no matter the size of what area of space. It’s nothing against you as a player, but they have to protect the interests of the organization first. It has been that way for years, even going back to the xml api system. It’s not a slight at you, they have to protect everyone else(the needs of the many…)
Frankly, any reluctance to submit to a full esi screen should be taken as suspicious and should raise major red flags. (spai?)
If you’re absolutely that bent out of shape about an esi screen you can go to https://community.eveonline.com/sso and you will be able to remove their access rights to your account by deleting the application off of your authorized application list. Doing so will sever their access to your account, requiring you to have to reauthorize the application when you next try to access it.
Hope this helps. Feel free to reply here or eve mail me if I can answer any additional questions.
Also, as an afterthought, it’s not like they can make any writable changes to your account data, assets, etc. that stuff is entirely read only access with regard to the api
A former corp or alliance shouldn’t know that, if you withdraw their access to your ESI once you leave that corp or alliance.
And the ESI privacy is there. You just choose to give up some of that privacy when you share it with people you trust (such as your corp and alliance), but that’s your choice. You don’t have to share it. Not giving up this part of your privacy may result in not being able to join that corp or alliance, but it’s your choice nonetheless. You could join another corp that requires less insight, play solo or create your own corp and share none of your privacy.
Also, if for example you want to join a corp that asks you to give up privacy on things you want to keep hidden like you say (T2 blueprints, wallet size, expensive hauling, spies, spicy emails, etc.) you could maybe do so on an alt unknown to your corp or alliance.
The amount of ESI privacy is your choice. So there’s no need for the game to ‘increase’ it.
It boggles the mind that anybody would give their corp/alliance their ESI key. And yet, nullsec is full of tens of thousands of players who are eager to put their own leashes on so that they can follow their masters.
Those same nullsec blocs have trillions and trillions of isk and assets worth thousands of dollars, and they need to protect that so that their whole infrastructure doesn’t come crashing down. They kind of have to be cautious.
If I give up some of my ESI information, it means that the people I fly with also have given up that same info and are just a tiny bit more trustworthy and less likely to be spies* and stab me in the back. I think that’s worth it, as I don’t care about the ESI privacy I’ve given away.
I mean, I’ve even given up some of my ESI information to Zkillboard for free! My corp didn’t even ask for it, I just like that Zkillboard can see my killmails and make them public.
What’s so bad about giving away certain information?
*(We’ll have spies nonetheless, but this will make it take more effort.)
It’s easy to go through the ESI list to see which things you give your corporation access to and which things you don’t give access to. And for each of those things, ask yourself whether you mind giving up that piece of privacy.
For me, I don’t care that they can read through the spam in my mail folder. Most of those mails are written by the corp anyway. Same for all of the other things in that list. ‘Oh no they can see when I’m online!’ or Oh no, they can see my positive Trig standing they must think I’m a traitor!
If you really want to keep your spicy emails secret, feel free to play solo or find a corporation that doesn’t do background checks. In that last case, don’t be surprised to find your expensive ship occasionally tackled at the wrong time by ‘friendly’ fleet members.
Basically they have access in read only mode to your account. Which is literally what the API is used for. A few elements are not available (your current boosters for example, the bookmark API is dead, your list of avoided systems), but otherwise this is required to make 3rd party app that are useful.
The only things that can be written to, that I know of are fleet motds, and mails, and I think fittings, but even the remote possibility of spoofing mails can be countered if you know how to do it. I’ll explain more after I get some rest. I’ve been up for 3 days and I am exhausted.
all the PUT and DELETE operations here.
also some operation from POST but not all since POST also allows to transmit more data than allowed from the URL (limited to 200 characters ?)
accept an event
CRUD char contact
CRUD char fittings
CRUD fleet members, squads, wings.
CRUD mails and mail labels
show contract/character/corporation/alliance information window in the game.
create a mail, ready to be sent (duplicate with CRUD mails ? )