Friday, May 2, 2014

Fanfest 2014 - Security First Impressions

I've blown up my schedule for today, as I first decided to try to play EVE:Valkyrie but then became impatient and decided to go back to my hotel until 4pm.  Sorry, but playing a combat flight simulator doesn't have that much appeal that I"m willing to wait an hour to play.

I attended first the Security presentation and then the roundtable.  The presentation was rather interesting because we got to see some numbers CCP had not shared in the past.  For example, the automatic bot detection system only accounts for 10%-20% of all bans.  Another is that 1/3 of all accounts that were hacked since January 2013 had purchased ISK from the secondary RMT market (i.e. illicit ISK sellers).  And of course, that newer players (under 100 days old) were more likely to purchase ISK from an illicit ISK site.

If I can throw in a little roleplay into the subject.  The characters banned were broken down by race/bloodline and the Vherokior, at 3%, were second only to the Jin-Mei for race with the lowest percentage of characters banned.  Did I mention that both of my main characters are Vherokior?

The big news, at least for players, is that the punishments for purchasing ISK are changing.  The old policy is that a player gets a warning for a first offense and is banned if caught buying ISK four times.  Under the new policy, the penalties are:
  • 1st offense: 7-day account suspension and removal of all purchased ISK/items.
  • 2nd offense: 21-day account suspension and removal of all purchased ISK/items.
  • 3rd offense: PERMANENT BAN.
Remember that chart shown in the Economics presentation yesterday?  Looks like I'll need to start the monitoring effort back up to see if the new penalties have any effect.

The security roundtable was a bit delayed in starting because people were asking questions during the presentation while the team was giving their talk.  Charlie Eriksen (the player formerly known as CCP Stillman) was there along with three guys in Pandemic Legion shirts, Chribba, and a host of others I didn't recognize. 

The conversation began with a discussion on multi-factor authentication.  I think some in the room were irritated that bringing that to EVE was first discussed back in 2011 and still has not happened.  I really wonder if that will happen before CCP figures out single sign-on (SSO).  Not sure how much influence the security team has in making that happen. 

The second main topic discussed was account sharing.  The way the geo-tracking works, using an automatic system would result in the banning of 25%-30% EVE accounts.  Not good.  I know that people in the room would like to share characters, but EVE is an MMORPG.  That whole sharing thing kind of violates the spirit of the game.  Besides, I can just think of the increased mess that customer support would have to deal with.

One interesting tidbit that came out is that CCP is rethinking its approach to accounts and we will hear more at the EVE keynote in a couple of hours.

The third topic was, of course, bots and RMT.  One player wondered why not just go after the people running level 5 missions and other high value content who don't buy anything and just transfer the ISK to other characters.  One of the PL guys shot back that he's run 30 level 5 missions in a day, does that make him a bot?

This post is just something I dashed off real quick between sessions.  I really need to see the presentation on YouTube in order to get all of the actual numbers.  This is one of those cases in which watching from home was probably better than being in the audience.  CCP has stated that they will come out with a dev blog soon.  I'll need to come out with a more in-depth post as well.


  1. Hmmm. geotracking might flag me. I play eve on a laptop that travels with me.

    1. Glad they don't do it then. Imagine all the fun with everyone logging into the game from Iceland during Fanfest.

  2. Geotracking isn't the only method, though. They could also use data about times, specific client used, etc... to narrow it down.

    If someone uses the exact same client (same machine) to log into eve from different cities over a few days, not an issue.

    I don't think this is a topic CCP wants to address, as they know how wide spread it is with certain high profile ships and pilots in 0.0

    If someone logs in from two locations using different machines 1000 miles apart within an hour, something might be wrong :)