All posts by CCP Stillman

Email verification and you

Greetings EVE Citizens!

 

Today I want to bring you an update from Team Security and our wonderful Team Mammon, responsible for our Account Management system, in extension to the Fanfest presentation from Team Security this year. In the presentation we discussed some of the upcoming security improvements coming to EVE, and today we’ve got some of this hitting Tranquility!

Specifically, we’ve been working on ensuring that we always have a valid email on file to contact you, especially for things like petitions. This is not only critical should you lose access to your account; it is also a requirement for some of the security features we’ve got coming down the pipe.

As of today, any new account created will be sent a mail with instructions for how to validate their email with our system. All new accounts will have to go through this step, as is standard these days for almost all online games. When you sign up for an EVE Online account, you’ll be greeted with this:

 Existing accounts can also optionally verify their email with the button on Account Management. This will ensure that we will be able to contact you, and once we’re ready to discuss further some of the other projects we’re working on, accounts with verified email will be able to opt into these new systems without having to verify their email at that time. To verify the email on an existing account, simply go to Account Management and click the “Edit account information” button under the “Account” tab, and you’ll see a button to verify the email:

As an additional bonus, we've added a nice little feature that may help those of you out there with multiple accounts: you can now see all accounts with the same email, directly from Account Management. This will help people keep an overview of the accounts they own and log into them with the username field already filled in. The feature can be reached on the front page of Account Management:

We’d like to encourage everybody to head over to Account Management today and verify their email at this time to ensure that we’re able to contact you and that you are able to successfully recover an account should the need arise.

On behalf of Team Security and Mammon!
CCP Stillman

 


EVElopedia downtime extended

On June 26, 2013 at 23.00 EVE Time our security team was made aware of a potential information leakage in the new version of EVElopedia which was deployed just hours earlier. In response, our operations team took EVElopedia offline for maintenance while our engineers started investigating the issue.

The issue was reported as a part of our “PLEX for Snitches” program, which rewards responsible disclosure of security flaws in CCP products and infrastructure. We greatly appreciate all reports we get through said program and in this case, the helpful pilot who submitted it received a handsome reward indeed.

Our engineers are currently working to resolve the issue, and as such the EVElopedia will remain offline until such time as maintenance is completed. 

Client modification, the EULA and you

Greetings honourable spaceship pilots!

As mentioned in our last dev blog, we’ve been putting a lot of effort into some exciting things in our war on people who violate our EULA and TOS and try to cheat in New Eden. This is of course behavior we do not accept happening, and we’ve been taking steps to address this problem.

You may have read different third-party blogs by now speculating about some recent addition to our technology that aims to combat client modification. We’re watching the reaction to the steps that we’ve taken, but today I want to share with you some information about our efforts and address some concerns we’ve been seeing over the last few months in regards to what our EULA and TOS permits.

Action taken against client-modification

I want to start off with letting you know about action we took today during downtime. Through our new detection systems we detected 2350 accounts as using a specific hack, “Autopilot to zero”, which is strictly against our EULA, as it is only possible with client modification. Our normal policy for dealing with client modification is to apply a permanent ban to accounts in question and any associated account.

However we recognize that we’ve addressed the particular issue of client modification poorly up until this point, and specific types of client modification may have been seen as “acceptable” to some people as a result of our inaction. Therefore, we’ve made an exception for most of the 2350 accounts affected today, and only applied 30 day bans. In the cases where we’ve determined that the accounts were in violation of other parts of our EULA or also were detected as using other client modification, we applied a permanent ban instead.

It is extremely important to stress that this was a 1-time exception. In the future, we will be sticking to our normal policy where client modification is a permanent ban.

A word on our detection methods and client modification

We’ve heard a lot of concerns from people who are afraid that “legitimate” applications, such as Fraps, Teamspeak, and Mumble that interact with the EVE process in different ways could result in false positives to our detection system. We’ve also heard concerns from people about privacy and to which extent we go to look for client modification.

From our perspective, it makes no sense to ban people for the use of programs that don’t give them an in-game benefit in the same way that bots and other modifications to the game do. Our detection methods work on the principle of looking for known signatures of these malicious programs that enable this. We do not at this time extend beyond our own process. We only care about what is going on in the EVE process at the time of execution at this stage. Here’s what our EULA covers in this regard:

7.D. MONITORING

You agree that CCP may remotely monitor your Game hardware solely for the purpose of establishing whether in playing the Game and accessing the System you are using software created or approved by CCP, or whether you are using unauthorized software created by you or a third party in contravention of Section 6.

It should be clear to everybody that we have no interest in banning people who do not do anything bad in New Eden. How can you know for sure though? Unfortunately, I’m afraid you’re going to have to take my word on it, but I think it should be pretty obvious that we’re not gonna ban people that are not doing bad things. Here’s what the EULA considers bad in 6.A:

2. You may not use your own or third-party software to modify any content appearing within the Game environment or change how the Game is played.

3. You may not use your own or any third-party software, macros or other stored rapid keystrokes or other patterns of play that facilitate acquisition of items, currency, objects, character attributes, rank or status at an accelerated rate when compared with ordinary Game play. You may not rewrite or modify the user interface or otherwise manipulate data in any way to acquire items, currency, objects, character attributes or beneficial actions not actually acquired or achieved in the Game.

As well as 9.C:

You may not reverse engineer, disassemble or decompile, or attempt to reverse engineer or derive source code from, all or any portion of the Software, or from any information accessible through the System (including, without limitation, data packets transmitted to and from the System over the Internet), or anything incorporated therein, or analyze, decipher, "sniff" or derive code (or attempt to do any of the foregoing) from any packet stream transmitted to or from the System, whether encrypted or not, or permit any third party to do any of the same, and you hereby expressly waive any legal rights you may have to do so. If the Software and/or the System contains license management technology, you may not circumvent or disable that technology.

This extends to multiboxing software. Some of the multiboxing software out there is powerful enough to count as “client modification” if used for that purpose. Our stance on third-party software is that we do not endorse such software as we have no control over what it does. As such, we can’t say that multiboxing software isn’t against our EULA. But the same goes in this case, that unless we determine that people are doing things beyond “multiboxing”, we will not be taking any action. We only care about the instances where people are messing with our process for the purposes of cheating, and running multiple clients at the same time is not in violation of our EULA in and of itself unless it involves trial accounts.

General policy update

In extension to the above, we’ve taken steps to address concerns about our policy on different subjects that may not have been completely clear in the past due to contradicting messaging. We’ve created a page that addresses different concerns you may have about third-party programs. You can find it here:

http://community.eveonline.com/support/policies/third-party-policies/

We will add to this as appropriate. But for now, hopefully this dev blog clarifies things a bit more.

 

Update:

We have been receiving a lot of feedback about our statement on cache scraping. Please see the following forum post for further details:

https://forums.eveonline.com/default.aspx?g=posts&m=2900665#post2900665


Updates to Team Security and the ongoing war on botting

Greetings law-abiding citizens of New Eden!

Today I bring you graphs and news that I hope you all will enjoy. Specifically, I want to discuss the current progress being made on the botting/RMT front, and some changes that are currently ongoing here in CCP land.

The war on bots in 2012

The last few weeks have been a busy time on the anti-botting/RMT front. We’ve been hard at work catching ~bad guys~ and applying the Ban Hammer™ to those unscrupulous individuals who decide to violate our End-User License Agreement and Terms of Service. This has been a slightly different push than what we’ve been doing in the past, but has yielded a lot of interesting results.

Unfortunately it’s still too early to talk about that at this time. I do however want to go back a bit and revisit one of the initiatives that originally was trialed with the EVE Security Taskforce in 2011, and was reinstated in full force by Team Security in February 2012. That is what we colloquially still refer to as “ESTF Bans”, or in layman’s terms, our multi-faceted banning system which stops bad guys in their tracks.

The system ties greatly into the policy that we put in place at the same time back in 2011, which had the goal of making our overall stance towards this malicious behavior more clear and reflecting that in the punishment which was handed out. Specifically, we spoke in terms of the “Three Strike System”, and the goal was to curb behavior and forcibly motivate people to play fairly, while allowing people who thought engaging in this behavior was OK due to our previous lax policy on this to become law-abiding citizens once again. The soon-to-be-obsolete “Three Strike System” is as follows:

  • 1st strike for botting is a 14 day ban
  • 2nd strike for botting is a 30 day ban
  • 3rd strike for botting is a permanent ban
  • Any client modification is a permanent ban on first offense
  • Any involvement in RMT is a permanent ban on first offense

While we heard from a lot of you initially that this policy is too kind on the bad people, our goal at the time was to induce a gradual change and engage in a “slow burn”, that is to say tackle the issue as a long-term problem rather than trying to solve the issue all at once, which isn’t viable. We’ve always been open to iterating on our process and policy when appropriate. We always use data to guide our decisions, and this is no different. Here’s a graph showing you the “ESTF Bans” for 2012 Q3 and Q4:

 

 

As you can see from this graph, there are a few interesting trends to observe:

  • 1st strikes have been trending downwards (-2.1155x + 127.76, with x being a week)
  • 2nd strikes trended down in Q3, but were stable throughout Q4
  • 3rd strikes have become rare since the end of Q3, and even then they were sporadic

Moving to a 2 strike policy

From the analysis and discussion we’ve had on this subject based on this and more data, we feel like this is now a good time to tighten this system up. As such, effective today, this is our new 2 strike policy:

  • 1st strike for botting is a 30 day ban
  • 2nd strike for botting is a permanent ban
  • Any client modification is a permanent ban on first offense
  • Any involvement in RMT is a permanent ban on first offense

This reflects our increased efforts towards stopping people from engaging in behavior that is damaging to New Eden and all of you who play by the rules. It’s another change we’re happy to make with the goal of making life harder for those that do not want to follow the rules. We hope you appreciate these changes. A lot of you have been asking for this change for a while now, and we feel the time is right. Of course, we’re always looking at and weighing options to increase the pressure and make these people’s lives harder from more angles. Any ideas you may have as to how to achieve this are something we greatly appreciate. We will also be doing our year-in-review session at Fanfest for the third year in a row now. There we’ll be sharing a lot more data and pretty graphs with you about the war on bots. We look forward to seeing as many of you there as possible!

Organizational changes

We’re currently going through some organizational changes in regards to the team that handles matters like these. Due to CCP Sreegs leaving CCP to pursue other opportunities, Team Security will be taking a new shape under different management and with a new team member.

The team will now consist of:

  • CCP Peligro, The enforcer of the law™
  • Lead GM Grimmi, Policy and supervision
  • CCP Doppel, Bot Killer Deluxe
  • CCP Stillman, Engineering and backend work

This team will be overseen by the VP of Customer Relations Management, and this will not impact the work being done by the team.

 

That is all for now. We hope to see you all at Fanfest!

 

 
