Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Concerns about storage of ID's/test process, Starvault closes thread.
psykobilly
Member Posts: 338
Hey guys,
I just posted this over at Mortal forums:
http://www.mortalonline.com/forums/66860-not-giving-starvault-my-id.html
Here is the content in case it gets deleted (TLDR below):
---
"Among other things, I am a data privacy expert here in the US as part of my daytime career. I have much experience with the payment card industry and the regulations around storage of private data. I can tell you that safe storage of private data is no simple matter, and is subject to hefty regulations around the globe.
Starvault: You should not be requesting ID cards for your test program. You are subjecting yourself to legal liabilities you do not want. Proper secure storage of credit card information is difficult enough, but scans of ID's can contain additional sensitive information.
I strongly recommend people not provide scans of their ID's; Starvault is a software development company, not a security company.
Starvault you should be thinking of other ways to verify trustworthiness than someones ID. Participation in the historical bug tracker is one way. Long term play is another.
You also need to be realistic here: people are going to tell their guild mates and friends about what happens on the test server. It is 2011, and we have the Internet - if someone want to anonymously post a video of the test server, they can do it and get away with it, regardless of signing an NDA. That shouldn't matter. People should be able to post their test server experiences publicly (it should have its own forum), that way the information gets out to everyone. You are looking at the test server process completely the wrong way: you should WANT open public discussion of the results. Right now it just looks like you are scared of what people might say.
Chill out on the test server process. Customers will respect you much more if you open up the process and let information flow freely. I want to help you guys test, so please come to your senses."
---
TLDR:
Point 1:
I'm concerned about secure transmission of ID's and Starvault's ability to safely store scans of peoples ID. They don't have any expertise in secure data storage and don't have a secure transmission method for accepting ID's, nor any knowledge of regulations governing such.
Point 2:
The test process should be egalitarian and provide information openly to all. The information will be leaked anyway, so there is no point in trying to restrict it.
The responses by Gradius and Black Opal were Starvault douchebaggery at its finest.
Comments
StarVault has no legitimate reason to require a scan of anyone's identification. Period.
-Letting Derek Smart work on your game is like letting Osama bin Laden work in the White House. Something will burn.-
-And on the 8th day, man created God.-
I can only agree. But I'm afraid ordinary reason does not apply here; SV will have the fanbots lining up with their IDs ready anyway, that's just the way that kind of people work. Some of them would probably even pay SV for the chance of testing the game.. oh wait... :P
This should keep all but the most starry-eyed fan from enrolling.
I win!!! LOL@U
PB first I have to wonder as to how you have not been banned from the forums over there yet lol. I know Opal/Shinzon lurks over here and I am surprised he has not banished you for speaking your mind. They have banned people for much less and I am talking about most of your guild lol. Much Kudos.
I agree I do not understand why they would be so sevretive about the testing process there are many games that have open and public test servers. It is not closed beta. I am starting to think that they put this out to say "hey look we want testers" because who in thier right mind would give SV an ID when they also have your CC info. We all know they have billed people multiple times more than once among other shady tactics.
I mean I am sure thier are some fanbois that will do it, hell there are idiots talking about they would give SV money to help development. I guess the hundreds of thousands of dollars they pissed out the window was not enough.
Good luck getting it changed I see they both told you to piss off basically. And there is no open debate about changing it.
http://farm6.static.flickr.com/5056/5405334463_871abcda69_z.jpg
Wow. I wish I could still be shocked at the foolish things that people do -- but sadly I'm not. But I bet they'll get plenty of testers to play ball with them. People are too stupid for their own good.
Is it any surprise that identify theft is so prevalent these days with such a bounty of willing victims for them to prey upon?
GM Gradius
GameMaster
Join Date: Mar 2011
Rep Power: 15
Sorry to be a bit blunt but we are not forcing you to participate.
__________________
Last edited by GM Gradius : Today at 21:18.
#3 (permalink)
Black Opal
Community Manager
Join Date: Mar 2011
Rep Power: 15
This is a voluntary program, if you do not agree with the terms that we have outlined, simply do not participate. If you believe that your ID will not be given the proper care and security, then once again simply do not participate in the program.
I am closing this thread, as there is nothing else to discuss.
__________________
Share MO with others
Nice attitude by the SV staff. Seems the OP was only trying to voice a few well deserved concerns, even the submittal method isnt secure.
I win!!! LOL@U
First of all, GM gradius's first response was different than the one now posted. I responded about what an 'asshole response' it was, and got an infraction as well as a deleted post - Gradius then changed his original post, acknowledging that it was in fact, an 'asshole response'. So yes, Opal is fighting to get me out, as much as I want to get him out of his horribly undeserved position.
It is a step forward that they want to have testing at all, but not at the expense of consumer privacy. It is a violation of every privacy regulation I know of to request that a scanned ID be sent over EMAIL (SMTP is unencrypted). Then there is the question of secure storage and secure deletion if the test process is revoked or discontinued. I'm not sure of the specifics of Swedish law, but I certainly assume there are provisions in place aganst it.
https://www.privacyinternational.org/survey/phr2003/countries/sweden.htm
There is an overview, so Sweden is subject to the data protection standards of the EU. I'm quite certain accepting ID scans over cleartext email is a violation of EU data protection standards, but maybe someone with direct experience can comment.
The test process should be open and allow the free flow of information to prevent a group of testers from gaining any advantage from the test process, regardless of the privacy issues.
i mean "Who cares?", i really would know a bunch of people who they are, even when i paying the sub just for the lulz
Well I am sure PB that Shinzon/Opal wants to keep a short leash over the power of MO no he is in charge.{mod edit}
With Sindas, Shinzon, Layalh and whomever else from AI is a mod or councler they control all infomation and information is power. Or was it by accident they were the first with a tower after Dawn?? How did they know what skills to get to make one?? Maybe because most of them are testers or they just know because they are in the info loop. I am sure they are keeping a close eye on who gets to be a tester and this is just a way to weed people out because only the blind fanbois are going to ready up thier ID.
Again is this closed beta?? Why such secrecy for features being tested for soon patches?
http://farm6.static.flickr.com/5056/5405334463_871abcda69_z.jpg
im hugely disappointed that you didnt enrol in the testing process billy, you've always seemed the best person for the job in my eyes. such a shame they ask for ID, im really not sure of the reason?
Billy use this
I win!!! LOL@U
Pure win! Thanks for the laugh...
A man is his own easiest dupe, for what he wishes to be true he generally believes to be true...
I've reported earlier that the mortal's logfiles stored our account names and password in plaintext, and they just laughed it off saying "WoW does it too !" ... right. I'm not really confident in their ability to secure our personal data after that.
I don't think anyone should be supporting the kind of privacy violating program SV is suggesting (unless they send them the McLovin ID).
The only reason I can think of for asking for ID's is that they want to be able to go after someone if they catch them in an NDA violation.
IMO a completely stupid approach to the test process... make the information available to all for maximum feedback from everyone. I don't see what they fear about letting people see the test server, unless something is really, really fucked up. If a few people see some game mechanics before they are released, so what if they talk about it? It's more amateurish leadership from SV.
last time i photocopied my passport for work (checking up everyones legal working rights in the uk or something) they lsot them all. Since then i have refused to photocpy any form of id. However my main reason for not signing up as a tester is because unlike billy i feel i wouldnt be much use as a tester. I think during the beta i posted a total of 3 bugs and spent most of my time jsut playing. I also think clandestine would be a good tester to billy, at least from what he tells me
there are 2 types of mmo, imitators and innovaters.
Many schools ask you to send your ID via e-mail too...
So, they get your CC info and ID? Im not really sure but it seems like thats pretty much what you need for ID theft.. (note: i have not done an ID theft, so i wouldnt know, but it makes sense.)
Let's just face the facts... no other MMO in the history of mankind has asked for this kind of information while the game is LIVE, for just accepting TESTERS.
So if you give your information to SV, just hit yourself in the head with a hammer because you're a moron... combine this with the credit card info they already have on file and just wait for the fraud to begin. I am amazed they would even ask for something like this, but given how unethical SV has been thus far, it really is par for the course.
As someone who has played MMO's for over 15 years, I can attest to the accuracy of Herc's post.
There has never been a game that asked for ID to use a test server, and in fact access to test servers has always been an open process. Just DL the test client and log in.
Of course those were test servers for companies that knew how to code. I have a feeling the NDA is because anyone on the test server will immediately see that SV codes entirely by the trial and error method - every single one of their patches is evidence of that.
What I find amazing is that they locked the thread stating that there was nothing to be discussed. Seeing that I have never heard of a game developer/publisher requesting a scan copy of it's customers identification, I would think that there was a lot to discuss.
We seem to be having a discussion here on these forums.
http://www.entropiapartners.com/?r=22415
LOL you seriously played pc games about 15 years? oh man what a live i havent
On topic, have they given a reason for demanding the ID yet? Or a reason for an NDA at all, as no other post release test server has had one to my knowledge.
They haven't given a reason for ID or for the NDA. They are obviously scared of what the playerbase might hear from the testers.
The only response has been "If you don't want to submit your ID, don't join the program". Basically they speak to their playerbase as if they were a bunch of 7-year old children. I think it's quite likely they are in violation of EU, and by extension, Swedish privacy law, and I'm still investigating this.
Well, you did throw a tantrum about not wanting to do something that was 100% voluntary... I'm afraid your investigation will come to the same conclusion.
I would think most long term players hoping for MO's success would be compeled to test. Obviously whatever SV is doing is not working. Wanting an ID for a test of a released game is just a slap in the face. Who would want to give SV your ID with their history.