On the utility of Logs, Receipts, and Proof

Jennkryst

@bear_necessities I once, in the long-long ago, loosely considered the idea of this, and then part of the +policy was ‘everybody log everything yourself’… then if issues arose, I go ‘hey… +policy says to log shit. Both of you send me your logs.’ And then compare. If they are the same, I don’t need to pull the master log to find out which person is lying.

You know, the principle behind police wearing body cams. Document everything. But better, because there is a way to tell if people are doctoring things. So I have no reason to go into the master log unless someone forces my hand, and then the person who submitted the fake log might also just get banned, themselves.

But that’s like… still too much work, and doesn’t feel like it solves any issues.

IoleRae

“Monitor everything” is not a good response to the possibility of rule breaking. “Monitor everything” — just, put it in ANY other context and it suddenly becomes clear why it’s such a problem.

I hope

Dear god I hope

Jennkryst

@IoleRae Yup. It was the long-long ago, so I was young(er) and dumb(er) and thought a panopticon could maybe work, before I even knew there was a word for it. No privacy gets violated unless somebody lies about a log and I have to go comb through shit to find out what the truth is, and woe unto anyone who made me do work.

But. Turns out it’s easier to scare most of the problem people away by having all the cool bullies there. Who knew?

Pax

@Jennkryst Logging everything is not the objective end-all of problematic behavior. Logging everything as a policy to handle player conflict still requires a lot of people to be good actors along the way, completely irrespective of editing logs.

Logging everything doesn’t account for:

• Out-of-band communication (isn’t it funny that it’s called Discord?)
• Staff and players having the same or comparable thresholds of discomfort, OR
• Staff accepting and believing that something can make a player uncomfortable even if it doesn’t make that Staffer personally uncomfortable
• Lack of bias on the adjudicating party
• Slut-shaming

And that’s a partial list off the top of my head while I’m sleepy on a Wednesday.

It’s not like bodycams on the police, not at all. Cops are at work and they have lethal weapons in their pockets. No, this is like putting a camera in your bedroom and your living room and in the shower with you and then combing back through that footage every time you have a grievance with someone.

IoleRae

Privacy has intrinsic value. It is valuable because it is privacy. Logging everything violates it by creating a record that can be combed through. If that record does not exist, you have privacy. If it does, you do not.

Ares’s ability to opt-in/consent on the spot to capture a particular problem is EXACTLY right. It is the correct level of trade between privacy and protection. I can say ‘please capture this in a way I cannot alter’ and send it up, without having to worry about my RL medical woe discussion going across a staff channel for lulz.

Jennkryst

@Pax said in On the utility of Logs, Receipts, and Proof:

@Jennkryst Logging everything is not the objective end-all of problematic behavior. Logging everything as a policy to handle player conflict still requires a lot of people to be good actors along the way, completely irrespective of editing logs.

Logging everything doesn’t account for:

• Out-of-band communication (isn’t it funny that it’s called Discord?)

So much in the long-long ago, this was pre-discord! I mean, there were other off-game methods, but I choose to hyper-fixate on this!

@IoleRae said in On the utility of Logs, Receipts, and Proof:

Privacy has intrinsic value. It is valuable because it is privacy. Logging everything violates it by creating a record that can be combed through. If that record does not exist, you have privacy. If it does, you do not.

Ares’s ability to opt-in/consent on the spot to capture a particular problem is EXACTLY right. It is the correct level of trade between privacy and protection. I can say ‘please capture this in a way I cannot alter’ and send it up, without having to worry about my RL medical woe discussion going across a staff channel for lulz.

How far back does the Ares opt-in go? Like if a week later someone else points something out and it clicks in your head, is that somewhere?

Rathenhope

@Jennkryst said in On the utility of Logs, Receipts, and Proof:

How far back does the Ares opt-in go? Like if a week later someone else points something out and it clicks in your head, is that somewhere?

This depends on how the game has been configured. Ares game have a configurable retention period for things like channels and pages, after which they’re deleted. As long as you’re within the retention period you can report it.

@IoleRae said in On the utility of Logs, Receipts, and Proof:

Ares’s ability to opt-in/consent on the spot to capture a particular problem is EXACTLY right. It is the correct level of trade between privacy and protection. I can say ‘please capture this in a way I cannot alter’ and send it up, without having to worry about my RL medical woe discussion going across a staff channel for lulz.

I am, unfortunately, going to ‘well, actually’ this. Because I love the Ares report feature, but by its very nature, it has to log all pages and channel messages and hold them on the server for it to work. If you can log into Ares and see something like a page, or a channel message, it’s currently stored on the server. While that data may not be immediately viewable to an admin, someone with direct access to the server (so, in most cases, the game runner or server admin) can access the database and view everything that’s within the retention period if they so desire.

And that’s not unique to the report feature - by the nature of Ares itself it needs to store that data so you can have offline pages, page history, channel history and so on.

Though, as I harp on about nearly every time the subject comes up, in any system where you’re sending data to a server, someone with access to the server is theoretically capable of capturing every input you send to it and logging it to disk for an unlimited period of time (including passwords, so don’t reuse your important ones!). So, essentially, don’t send anything to a game (whether it’s running on Penn, Evennia, Ares, w/e) that you wouldn’t want the server admin to theoretically see.

There is no securing against a bad actor in the case where the bad actor has control of one side of the conversation.

dvoraen

@MisterBoring So I’m going to come off the fence and talk about your query about logging everything from a few points. I’ll likely repeat someone here, but que será será there.

Yes, it’s certainly possible to log everything, literally everything, and you likely wouldn’t run out of storage (especially if you had a 1TB drive allocation), but I think you’ll find this will accumulate space on your host much more quickly than you think. This is both game and player dependent, but the sheer amount of text involved will add up.

That said, I don’t advocate for a log of everything input, myself. While I think there should be (sealed) documentation that staff can review if pointed out, as Ares does, it should largely be a black box that isn’t opened unless players themselves are the ones who open it. They are the ones that should have the proverbial keys to the communication kingdom, in terms of what gets revealed. Obviously, channels are fair game for everyone, because staff will know about every channel in the game anyway, but RP and pages (and to some extent, @mails) should not be something they can on-a-whim perceive. Again, player agency is important here in what is disclosed.

That said, the problem lies in finding a solution where staff can further investigate if they suspect there is a problem with what has been shown to them. I don’t have any good ideas here; it’s not something I’ve thought on in great detail. What I do know is that the moment you go into master logs and say “well but you said this which looks like you encouraged it and you didn’t tell me that”, you immediately violate trust with your player(s) in question. Granted, that is probably a price to pay when it’s a serious allegation like sexual misconduct from a creeper, but I shouldn’t need to explain why it’s bad if the victim thinks you’re digging into their private discussions beyond the scope of the disclosure/report. At the end of the day, someone went over the line or you wouldn’t have a report in the first place. Don’t be a part of the group that went over the line.

Ashen-Shugar

@dvoraen said in On the utility of Logs, Receipts, and Proof:

[snip]
At the end of the day, someone went over the line or you wouldn’t have a report in the first place. Don’t be a part of the group that went over the line.

Once upon a time, my wife started up a mush based on the movie Labyrinth. It had base ‘please have permission if you’re not 18+’ which as everyone knows people tend to ignore anyway.

So, lets fast forward a year.

Labyrinth, yes, it attracts under aged people, we don’t ask, they don’t tell.

Except one day we had a potentail creeper come on. very very good on hiding what they do. page only, in so much as gathering times to send real life information back and forth.

real life information like nude pictures of children on the mush.

Which I would not have known if i was not ‘logging everything going on’.

Which would have promptly gotten me in trouble with a federal agency, which was involved in this situation.

Which was ugly all around.

So yes, I’m all for privacy, and all for ‘not being part of the group that goes over the line’.

But sometimes in rare situations, you have to ask yourself. Who suffers the most when you refuse to go over ‘that line’?

Food for thought.

Polk

@MisterBoring It’s possible. But it’s a) a bad idea because it will make players feel bad for obvious reasons, and b) it creates a dump of data so massive that it’s difficult to search through.

MisterBoring

@Polk said in On the utility of Logs, Receipts, and Proof:

a bad idea because it will make players feel bad for obvious reasons

This makes me feel like all players view all staff as bad actors by default. Which is possibly true because our community has a long history of being unable to effectively deal with bad actors outside of throwing up lots of warnings on forums like this and MSB.

@Polk said in On the utility of Logs, Receipts, and Proof:

it creates a dump of data so massive that it’s difficult to search through.

I’m fairly certain that it would be easy to script the logging in a way that tagged each line of input with a searchable string. I’m not advocating for full logging just the raw information. I’m suggesting that the logging be done in a way that provides staff with a searchable way to immediately get information on a situation.

Ultimately the whole discussion of logs, receipts and proof I feel falls into the battle between privacy and safety, which is basically it’s own thread and I’m not going to jump into that here or elsewhere. I deal with that enough at my job.

The other thing we have to consider is trust in staff. We trust that staff will do what they can to protect us from bad actors when we point out their harmful behavior, but at the same time, we need to trust staff with the tools and access they need to make educated decisions about what’s going on.

Also, Telnet isn’t exactly secure, so I honestly sometimes wonder what’s stopping technically savvy bad actors from accessing information that’s not meant for them or their characters.

sao

I don’t think staff needs to be bad actors for me to not want them to be in my private shit?

Ashen-Shugar

@sao said in On the utility of Logs, Receipts, and Proof:

I don’t think staff needs to be bad actors for me to not want them to be in my private shit?

So you er, may not want to be on the internet?

TCPDUMP(1)                                                       General Commands Manual                                                      TCPDUMP(1)

NAME
       tcpdump - dump traffic on a network

SYNOPSIS
       tcpdump [ -AbdDefhHIJKlLnNOpqStuUvxX# ] [ -B buffer_size ]
               [ -c count ]
               [ -C file_size ] [ -G rotate_seconds ] [ -F file ]
               [ -i interface ] [ -j tstamp_type ] [ -m module ] [ -M secret ]
               [ --number ] [ -Q in|out|inout ]
               [ -r file ] [ -V file ] [ -s snaplen ] [ -T type ] [ -w file ]
               [ -W filecount ]
               [ -E spi@ipaddr algo:secret,...  ]
               [ -y datalinktype ] [ -z postrotate-command ] [ -Z user ]
               [ --time-stamp-precision=tstamp_precision ]
               [ --immediate-mode ] [ --version ]
               [ expression ]

The reason I bring this up is that everyone tied to the internet can and will log everything for ‘reasons’. It boils down that you have to trust the people who control the mechanisms where you send and receive data to not be douchebags.

Data collection is big business anymore. Privacy is important, but to be perfectly clear, connecting to the internet waves your ability to guarentee that. It just does.

sao

@Ashen-Shugar Cute. I don’t want to be on the internet, it just beats the options of not being on the internet.

What I mean is: while there are many ways for this to be an issue, active mistrust of staff is not required for me to prefer that they not have easy, immediate access to conversations or rp I undertake with the expectation of privacy.

Roz

Pax

@Ashen-Shugar My dude, my guy, my french fry:

That data collection exists at an obligatory and, let’s be fair, extremely technical level doesn’t mean that overt monitoring is the ideal resolution in every scenario.

What a nuclear take.

sao

@Pax I am going to remember that French fry forever. Ty for expanding my vocabulary in this way.

Ashen-Shugar

@Pax said in On the utility of Logs, Receipts, and Proof:

@Ashen-Shugar My dude, my guy, my french fry:

That data collection exists at an obligatory and, let’s be fair, extremely technical level doesn’t mean that overt monitoring is the ideal resolution in every scenario.

What a nuclear take.

@Pax my bud, my chum, my beaten drum:

Obligatory in a ‘need for beer’ kind of way sure, in that ‘if you want to use our services, you agree to be collected’. Where ‘opt-out’ means you don’t use the service, which, for a lot of places means ‘the internet’.

Even ‘opting out’ just means it dosn’t personalize the data, they still collect it.

It’s not a nuclear option when most places are glowing green around us.

sao

@Ashen-Shugar this really just is a weird derail of the point. The fact that we live in a weird corporatist oligarchy is a fact that we all live with but that doesn’t mean that in our hobbies as between each other we can’t have totally reasonable expectations of privacy and data sharing separate from the compromises we have had to make with technology in order to exist.

Google may be up in my business but that doesn’t mean my friends expect me to hand them my password just because we chat. Like, what even is this point you’re trying to make?

Ashen-Shugar

@sao said in On the utility of Logs, Receipts, and Proof:

@Ashen-Shugar this really just is a weird derail of the point. The fact that we live in a weird corporatist oligarchy is a fact that we all live with but that doesn’t mean that in our hobbies as between each other we can’t have totally reasonable expectations of privacy and data sharing separate from the compromises we have had to make with technology in order to exist.

Google may be up in my business but that doesn’t mean my friends expect me to hand them my password just because we chat. Like, what even is this point you’re trying to make?

The point I’m tryng to make is that whle privacy should be enjoyed and even apprecated, it really shouldn’t be expected, especally when situatons arise that may demand that privacy concerns are not as important as the situation that may require that data.

That’s my point.