Curse client appeal

[Aesgir]

Trying to drum up support to force Curse to change the default privacy rights on their client for Wardb.com.

The link to the original post by Fingoniel on WHA is here. WarDB.com Guild Privacy Options - Now Available! - Warhammer Forums

Text is as follows

Hi,

As of this update mentioned here:
http://www.warhammeralliance.com/for...ad.php?t=63355

You can update a guilds privacy settings to hide a number of attributes. A much welcomed change.

However this requires that the guild leader install the Curse client to identify themselves to the system in order to remove their data. I (as any person who takes their computer security seriously) have an issue with installing third party apps from companies I'm not all that familiar with.

Please change it to hide everything about a guild by default other than the publicly available info that's exported to the WAR herald. (If need be, make it default to 'On' for guilds whose leader has installed the client, since they're actively interacting with the wardb already)

This way any guildmasters not happy to have all their guild information made publically available don't have to ban outright any use of the curse client from any of their guildmembers.

Thanks,
Fingoniel

Please help by providing feedback by uninstalling if you have it installed or contacting Curse to stop this amount of info being shared, as its against the spirit of a PvP to allow these opportunities to spy.

 

[thergador]

depends of where they are located but its sounds like a data protection act and by default they but have the no rights to publish data about the individuals e-persona, haven't looked at what data they publish so can say for sure

 

[Aesgir]

I'm not sure, but i think as you have to actively download the client, it wouldn't be affected by DPA. It would be considered opt in. Tacit consent etc. That's one for the lawyers

Several guilds, including my own by request of our GM, are boycotting the client until they sort this issue. I just thought it was worth posting here as people need to be aware of this issue, and realise that everything about their guild would be published. This includes all ranks, guild events, full roster etc.

 

[Xandax]

I never install such things anyway - and do think the default options should be "no" and people should opt in and not opt out.

 

[Idris]

Will forward to our guild leader

 

[mightybunny]

Curse client is quite good. I use it to download/install WoW addons.

 

[Xanthian]

Its a good addon, but only if the community support it, if no1 uses it then WARDB wont be populated with all its items etc.

But I do agree that the private guild info should be hidden by default.
Nothing wrong with showing members, GEXP, GRP though.

 

[Downanael]

I never install such things anyway - a

This,you people sure are trusting to install this thing.

 

[Dervish]

I've banned it for now for my Guild and the rest of our Alliance has done the same. The point here is that if person A downloads it he is pretty much saying "yeah you can know anything you like about me". But, person B in the same guild has most definitely not downloaded the client or agreed to be spied on and yet becuase of person A's opt-in they are also opted-in against their free will. I'm not claiming to know much about legal this or data protection that but that has to be wrong surely?

 

[Flimgoblin]

Link to the discussion thread on it: http://www.warhammeralliance.com/forums/showthread.php?t=68420
(Aesgir has linked the original announcement)

I'm not sure it's somewhere to put a legal challenge as it's ingame data it's pulling out. Serious legal minefield trying to get that stuff classed under the DPA

I expect they'll change that guild flagging data because it'll be a huge backlash from the guilds otherwise. This is data that is meant to be confidential within the guild - there's a reason it's not listed on mythic's WAR herald.

The curse client itself gives me the willies though - I dislike the idea of installing something that could potentially be snooping my chat logs (and dislike having someone in the guild with a spybot switched on either).

Now, I very much doubt curse.com would give a flying monkeys about my chatlogs but if you gave the average marketeer that much access and a couple of perl scripts to pick out keywords, you could start profiling people and advertising specific things at them - facebook style...

I just don't like the idea of someone looking over my shoulder while I play, thanks

 

[Aesgir]

Thanks for posting that link Flim, i forgot to post that....gets thats what i get for posting at 5.30 in the morning

 

[Xandax]

Wonder if Mythic would be interested in getting involved in this?

 

[Faya]

I signed it aswell in behalf of my guild.
It is pretty useless if it shows the other realm when/if you schedule a raid for example.
The options should be optional and not by default first.

Faya

 

[Wild]

does seem strange to me to have it public by default


There is only one thing on there that does actually suck and that is the guild news .. especially if ppl are gonna use it to post about raids ..its like legal cross realming imo just remove that and nps ..


as for the rest of the information, maybe im missing somthing but all the info given is kinda "so what" aint it ? guild level / progress.. erm and ? guild email address and url .. u dont have to enter info into them fields ingame .. or any1 with google can prolly find your homepage and email address quite easy anyway

maybe im missing somthing in these options..
Hide Guild - This hides your guild profile entirely. Note: Your guild will still appear in search results.
Hide E-Mail Address - This hide your guild's e-mail address (as set in-game), from appearing on your guild profile.
Hide Web Site URL - This hides your guild's web site URL (as set in-game), from appearing on your guild profile.
Hide News - This hides your guild's news.
Hide XP - This hides your guild's progress towards its next rank.
Hide Roster - This hides your guild's roster from the guild profile and character profile pages.
Hide Last Login from Roster - This hides the Last Login column from your guild roster.
Hide Renown - This hides your guild's current renown.



though ill be the first to admit i prolly totally read this wrong and am totally missing the point ^^ if so ill keep the bucket of water handy for the flames inc to me




as for data protection act .... erm are ppl insane .. can just imagine the high court seeing a case like that ..
My Lord i will now question the proscution's main witness.
Mr XXX u say you never gave permission for the personal information on black orc "ipwnyou" to be displayed and are seeking a $2million compensation as people from the other realm are targeting you because it seems you are easy realm points with 10 kills and 230 deaths against that charater .. do you think that the "leek" of sensitive information about "ipwnyou" caused your ingame charater to die more than before the information was leeked ?

 

[Aesgir]

The thing you are missing is that it requires the GM to log on and identify, install the client, and alter all the options. Now, if the GM doesn't want to use the client, he shouldn't have his guild details broadcast, having the details broadcast should be opt in, not opt out, especially as not everyone is aware this site exists. Online info is private information too.

It reveals the info of everyone in the guild if one person has it. This is a major problem, and you would not even be aware that the enemy knows almost everything there is to know about you.

The level/class will be available on herald...that isn't an issue. It's the guild news that seems to be the main issue as you spotted. I don't want people having access to our news stream or calendar unless i choose them to. The enemy shouldn't know what i'm planning, and curse have no rights to that information.

I think you'd find that in the case of a legal challenge, it wouldn't be the players that initiated it, but Mythic/EA themselves. Data Mining is basically what this client does after all. And if can snoop your level...who says it couldn't be used to snoop account details, and therefore addresses etc. It'd be customer protection. This is of course a major leap of logic, but its not beyond the realms of possibility that an unknown company with a semi legitimate client could be a risk to the customers of Mythic.

 

[lairiodd]

How does the client actually work? Does it do a memory read from the warhammer application/thread, intercept IP traffic, or does it just parse logs of some kind?

 

[thergador]

as for data protection act .... erm are ppl insane .. can just imagine the high court seeing a case like that?

the e-persona is part of your electronic personal data that includes all aspects of it including avatars, there for falls under DPA and has been used in court. there a big issue with it at the moment in the area of research, as the global issue, are causing problems with things like the EU arrest warrant etc

 

[Xanthian]

Posted this & various other links regarding this issue on the Vengeance forum.
Not sure any cares tbh

 

[Wild]

yeah i can see the problem using a 3rd party client to "snoop" information from your computer .. sounds scarey tbh

the renown / guild lvl etc is somthing i would like to see .. like hows our guild shaping up compared to other guilds on the server etc ....

i cant see anywere about guild calander information being available though ? maybe i missed it .. but with that in mind guild news isnt were guilds are gonna post raid info tbh they will be using the calander... though still agree scrap the guild news info they want to snoop

if only mythic could get a XML database running curse wouldnt need to "snoop" via your actual PC .. rather than just grab the information from the servers direct ?

i dunno i aint no pc/network nut so maybe this aint possible .. and ofc a WORKING version would be nice .. not the 90% broken one we had on EU daoc servers .. although US servers XML worked fine as far as i can remember.


i suspose if this goes forward only thing to do is log on once disable everything and then delete the client .. still that blows donkey bollox still

 

[Flimgoblin]

The herald realmwar stuff will give similar sort of info about the guilds but:

A. it's mythic releasing this info
B. it only releases the public stuff

and I think you might be able to hide your guild info.

I'm not sure if the Curse client reads memory or just parses logfiles - it's unlikely they're going to be installing a keylogger to steal your passwords but given I don't know Curse.com I can't exaclty vouch for it.

 

[Aesgir]

Well i'm not accusing Curse of doing that ofc, i'm sure its a legit client, but i can't swear to it. That's part the issue
I think its actually a log parser rather than a data interceptor btw. It's not too clear.

To Wild: Calendar events are displayed in Guild News, so whilst not able to directly access you calendar, they don't need to. The news feed itself automatically mentions any upcoming events posted or cancelled.

 

[Wild]

the e-persona is part of your electronic personal data that includes all aspects of it including avatars, there for falls under DPA and has been used in court. there a big issue with it at the moment in the area of research, as the global issue, are causing problems with things like the EU arrest warrant etc

i suspose it would depend if law would label ingame data(like renown or guild level, charater levell) as personal data .. i doubt it but then again i aint no barrister does seem crazy to me hence my first post.

as for e-persona as you said its electronic "personal" data .. the only personal data mythic will have of mine will be when i sign up and pay via credit card .. im kinda hoping the curse client wont beable to display that info in there database .

i think curse will take thses things on tbh and we should see changes. gm's trying to stop ppl using it may find it impossible tbh .. curse is used loads in wow and ive never had any problems with any addons from there. so i think a lota ppl will be using it .. i just wonder if u can tell who is .

 

[Flimgoblin]

Yeah from reading the dev responses they seem to be quite receptive to feedback. It's just they seem to have an approach of "what info can we collect and show to make this better?" without someone asking "is this info appropriate to collect and show in our database?" until after it's already there...

 

[Flimgoblin]

Update: they're changing the defaults for release. Good to hear.

WARDB Guilds (Official Thread) - Warhammer Forums


Small note - if you want other sort of thread locked on WHA just post with /signed apparently even when you don't post a petition it's a petition if people "/sign"
(yeah I'm taking the piss I'd have probably just told people they'd seen it and to stop /signing if I saw something like that on the daoc boards though )

 

[Ctuchik]

i fail to see what the fuzz is about tbh. were talking ingame data here. its not like they are revealing your social security number or credit card info here....

 

[Ctuchik]

the e-persona is part of your electronic personal data that includes all aspects of it including avatars, there for falls under DPA and has been used in court. there a big issue with it at the moment in the area of research, as the global issue, are causing problems with things like the EU arrest warrant etc

care to post a link where that statement is true from a legal perspective?

ingame avatars and such just can not be a part of the DPA. because then blizzard wouldn't be able to have their armory up.

 

[Flimgoblin]

i fail to see what the fuzz is about tbh. were talking ingame data here. its not like they are revealing your social security number or credit card info here....

Well, it's nice to have your guild event calendar just for the guild... imagine if in daoc every time you posted an ML or Sidi raid on your alliance forums it was automatically copied to freddyshouse and suddenly you had everyone on the server turn up.

Or every time you tried to plan a relic raid you had your guild forum post replicated here...

It basically means you can't use the guild calendar or the guild news system, which is why people get a bit annoyed about it. I doubt there could be any sort of legal ramifications though.

 

[Ctuchik]

Well, it's nice to have your guild event calendar just for the guild... imagine if in daoc every time you posted an ML or Sidi raid on your alliance forums it was automatically copied to freddyshouse and suddenly you had everyone on the server turn up.

well i suppose for that reason yes.

/edit: but i still cant believe that MMO avatars (or anything ingame) fall under the data protection act because its not OUR data. we dont own anything in the game we play, heck we dont even really own the clients. we just bought the rights to use it.

 

[thergador]

i suspose it would depend if law would label ingame data(like renown or guild level, charater levell) as personal data .. i doubt it but then again i aint no barrister does seem crazy to me hence my first post.

as for e-persona as you said its electronic "personal" data .. the only personal data mythic will have of mine will be when i sign up and pay via credit card .. im kinda hoping the curse client wont beable to display that info in there database .

.

e-persona does not equal meat-space persona or personal data

the e-persona is made up of 3 parts in basic terms they are

1 the actions the real person takes in an e-enivorment
2 the persona data (this may or may not represent the true ID)
3 the avatar (still image or 3d image)

in the uk the court case's that have been to court so far have been done so on type 2 3, however there currently some action's been looked at in 2nd life todo with imitated child abuse and thus falling in to part 1. but that a very different situation

the Japaneses have had several case's based on 3, if you google(google.scholar) avatar owner ship you should be able to find some research document no these.

(note my current research is called me my-self and avatar, its about e-crime (those that are against the law, against EULA or just e-socially unacceptable ) and the effect of the avatar and the owner of the avatar. it was triggered by some getting ganked in WOW then killing the person in RL that ganked him (yes it was in the states)

but seeing as its opt in you will no dont be waving a lot of DPA rights in there agreement how ever you would then need to inform every one how you monitor that they are being monitored

 

[GReaper]

Curse needs to be careful about what they put online, if enough people complain towards Mythic they could quite easily nerf the hell out of the scripting abilities inside the client and render things like these useless.