Overlays, ISK Buyer Amnesty and Account Security

By Team Security
| Comments

  

Time to touch base on some things EVE’s Security Team has been working on and also discuss some golden oldies regarding account security. First a clarification on our rules and policies regarding overlays and other third party applications. 

EVE Online, Overlays, and You

As we receive questions about overlays and EVE Online every now and then we want to use this opportunity to further clarify our Third Party Policy on the topic.

“We do not endorse or condone the use of any third party applications or other software that modifies the client or otherwise confers an unfair benefit to players. We may, in our discretion, tolerate the use of applications or other software that simply enhance player enjoyment in a way that maintains fair gameplay. For instance, the use of programs that provide in-game overlays (Mumble, Teamspeak) is not something we plan to actively police at this time. However, if any third party application or other software is used to gain any unfair advantage, or for purposes beyond its intended use, or if the application or other software violates other parts of the EULA, we may fully enforce our rights to prohibit such use, including player bans. Please use such third party applications or other software at your own risk.”

Let’s go over this paragraph and have a look at the meaning of the important sentences:

  1. We do not endorse or condone the use of any third party applications or other software that modifies the client or otherwise confers an unfair benefit to players.
    1. In short: Do NOT use any tools/applications/modifications which either modify the client in any way OR provide you any kind of unfair benefit/advantage.
  2. We may, in our discretion, tolerate the use of applications or other software that simply enhance player enjoyment in a way that maintains fair gameplay.
    1. AS LONG AS it’s fair to everybody - neither you nor anybody else gets any unfair advantage – we are fine with it.
  3. For instance, the use of programs that provide in-game overlays (Mumble, Teamspeak) is not something we plan to actively police at this time.
    1. This is an example of something we do NOT consider unfair, for now. This also includes other in-game overlays which do NOT grant you any unfair advantage. We do not consider it an unfair advantage if you can see who is currently talking in your voice communication tool via the means of an in-game overlay. We also do NOT consider it unfair if you use other comfort overlays which do not affect how the game is played. This includes overlays for chat and IM applications, the Steam overlay, and Web-Browser overlays for example.
  4. However, if any third party application or other software is used to gain any unfair advantage, or for purposes beyond its intended use, or if the application or other software violates other parts of the EULA, we may fully enforce our rights to prohibit such use, including player bans.
    1. We do consider overlays using elements of a second or multiple other EVE clients to be against the rules. It changes the way the game is played and grants the player unfair advantages over other players. For example, having overviews from other EVE clients as overlays on one EVE client would allow a player to get real time intel from all those other game instances without having to switch to the other windows. Similarly, overlays using elements from a second or multiple other EVE clients to allow the player to activate modules etc. on those other game instances without switching to the other client windows are clearly in violation of our rules.
  5. Please use such third party applications or other software at your own risk.
    1. Please be aware of the fact that we do a lot of data analysis which grants us insight into behavior patterns and allows us to detect anomalies. In a lot of cases we do not need to know what you do on the client side because looking at the behavior in our very detailed event logs on the server side allows us to see if you have/had an unfair advantage over anybody else including the game environment. We don’t know all the tools out there and what they do exactly - and frankly we don’t care. If you get banned, then this is because the results of what you did and how you potentially gained from it manifested in our server-side logs.

ISK Buyer Amnesty Initiative

New RMT initiative: come clean, receive amnesty

The struggle against Real Money Trading (RMT) continues unabated and we are now unveiling plans for a new push on that front, which you may find interesting.  This operation is aptly named “ISK Buyer Amnesty Initiative” and details are as follows:

Let us start with everybody’s favorite reading material, the EULA:

6.B. Selling Items and Objects

“You may not transfer, sell or auction, or buy or accept any offer to transfer, sell or auction (or offer to do any of the foregoing), any content appearing within the Game environment, including without limitation characters, character attributes, items, currency, and objects, other than via a permitted Character Transfer as described in section 3 above. You may not encourage or induce any other person to participate in such a prohibited transaction. The buying, selling or auctioning (or any attempt at doing so) of characters, character attributes, items, currency, or objects, whether through online auctions, newsgroups, postings on message boards or any other means is prohibited by the EULA and a violation of CCP's proprietary rights in the Game.”

Since the collapse of the EVE Gate, humans in New Eden have longed for never-ending piles of ISK. CCP recognizes this demand, and provides PLEX – as a completely legal option for turning your real life cash into precious space bucks. 

We differentiate between those who sell ISK and those who purchase ISK through illegitimate methods, even if both are in violation of the same EULA clause above. This is because those who buy ISK are typically players. We like those.  

ISK buyers are also not in violation of the next EULA clause we’d like to highlight:

2. A. Establishing a New Account

“<…Accounts may not be used for business purposes. Access to the System and playing EVE is intended for your personal entertainment, enjoyment and recreation, and not for corporate, business, commercial or income-seeking activities. Business entities and anyone who is acting for or on behalf of a business or for business purposes may not establish an Account, access the System or play EVE.  Accessing the System or using the Game for commercial, business or income-seeking purposes is strictly prohibited.”

We cut some paragraphs here, and the highlighting is our own, because it is important. It essentially says that when you create an account, you are a person who intends to play the game for fun, and not as a way to make money.  

ISK sellers have always been permanently banned on first offense, which will continue.

ISK buyers have been handled on a two-strike policy, this will also continue:

  1. 7 day ban and removal of proceeds
  2. Permanent ban

Effective immediately, we are also offering amnesty for ISK buyers who come clean by emailing security@ccpgames.com with actionable evidence of people selling ISK. Such information should include:

  1. What you bought
  2. When you bought it
  3. From whom you bought it
  4. Proof of purchase – we’ll correlate with our own in-game logs. Usually your proof of purchase or receipt will include all of the 3 items above. 

For your honesty and cooperation, which is sincerely appreciated, you will not be banned. Other actions will be determined on a case by case basis.

We want to point out that this is not intended to encourage anyone to go and buy ISK – if you have already then you can come forward with actionable information and receive amnesty as described above. Repeat offenders who have previously utilized the amnesty program will of course not be viewed in such a positive light. 

We also want to draw attention to the “PLEX for Snitches” program which permits us to reward players with PLEX if they send us reliable and actionable information about security related issues.  For more details on this please go here.

Account Security

Since we have seen a slight increase in account hacking/hijacking recently, we also want to reiterate some of the good old advice that might help you keep your account safe.

  • Use strong passwords. Of course, passwords should not be easy to guess or brute-force so make them long and use numbers, lower and upper case letters as well as special characters to make them stronger.
  • Use Two-Factor Authentication (http://community.eveonline.com/news/dev-blogs/two-factor-authentication/). This will make it significantly harder for baddies to steal your account and characters, tamper with your personal information on the account, and cause trouble for you and us in general. We know that Two-Factor Authentication is not fully effective yet (EVE Client Login without Launcher), but the new EVE Launcher (http://updates.eveonline.com/date/2016-01-12/#32ebg) is one of the final steps to close this loophole.
  • Do not share your login information. This is some pretty basic stuff, really. If you share your login information with someone then said info is only as safe as his/her security may or may not be, you have no control over it whatsoever and if they get hacked you get hacked.  That is, if they don't just use your login info themselves to sell off all your things.
  • Do not use the same password for different EVE Online accounts. Also fairly basic - if one account is compromised then chances are that all accounts are compromised.
  • Never use your EVE Online username and password for social media, other gaming accounts or gaming forum access and the like. Sites get hacked all the time and it is even not unheard of that usernames and passwords lists are sold to unscrupulous individuals who then use them to steal your stuff.
  • Make sure your operating system is up to date. Critical security updates are no good if you don't have them.
  • Scan your computer. New viruses, key loggers, spyware and other malicious stuff is constantly being spawned, so regularly scan your computer with up-to-date antivirus software.
  • Don't click on dodgy links. Bad guys use fake login pages to harvest login info all over the place and websites with malware abound so be careful what you click on.  For millions of years, bad guys have sent people phishing messages that look legit and ask you to log into your account for one reason or another. We will not be sending you emails too often so be careful and contact us at security@ccpgames.com if you receive something suspicious.
  • Make sure your account contact information, including real name and email address, is correct in case we have to contact you or verify the account ownership for whatever reason. Also, if you need to reset your password it is important that your email address is correct.
  • Change your password and don’t store it on a post-it or in a text file. Change it regularly and frequently. If the hackers have old out of date login information then they can't steal your stuff. We also recommend that you use a state-of-the-art password manager.

P.S.

No security blog without graphs, so here you go:

All that being said, we wish you a wonderful day in New Eden!

Your friendly neighborhood Security Folks