Don’t forget we moved!
https://brandmu.day/
On the utility of Logs, Receipts, and Proof
-
@MisterBoring So I’m going to come off the fence and talk about your query about logging everything from a few points. I’ll likely repeat someone here, but que será será there.
Yes, it’s certainly possible to log everything, literally everything, and you likely wouldn’t run out of storage (especially if you had a 1TB drive allocation), but I think you’ll find this will accumulate space on your host much more quickly than you think. This is both game and player dependent, but the sheer amount of text involved will add up.
That said, I don’t advocate for a log of everything input, myself. While I think there should be (sealed) documentation that staff can review if pointed out, as Ares does, it should largely be a black box that isn’t opened unless players themselves are the ones who open it. They are the ones that should have the proverbial keys to the communication kingdom, in terms of what gets revealed. Obviously, channels are fair game for everyone, because staff will know about every channel in the game anyway, but RP and pages (and to some extent, @mails) should not be something they can on-a-whim perceive. Again, player agency is important here in what is disclosed.
That said, the problem lies in finding a solution where staff can further investigate if they suspect there is a problem with what has been shown to them. I don’t have any good ideas here; it’s not something I’ve thought on in great detail. What I do know is that the moment you go into master logs and say “well but you said this which looks like you encouraged it and you didn’t tell me that”, you immediately violate trust with your player(s) in question. Granted, that is probably a price to pay when it’s a serious allegation like sexual misconduct from a creeper, but I shouldn’t need to explain why it’s bad if the victim thinks you’re digging into their private discussions beyond the scope of the disclosure/report. At the end of the day, someone went over the line or you wouldn’t have a report in the first place. Don’t be a part of the group that went over the line.
-
@dvoraen said in On the utility of Logs, Receipts, and Proof:
[snip]
At the end of the day, someone went over the line or you wouldn’t have a report in the first place. Don’t be a part of the group that went over the line.Once upon a time, my wife started up a mush based on the movie Labyrinth. It had base ‘please have permission if you’re not 18+’ which as everyone knows people tend to ignore anyway.
So, lets fast forward a year.
Labyrinth, yes, it attracts under aged people, we don’t ask, they don’t tell.
Except one day we had a potentail creeper come on. very very good on hiding what they do. page only, in so much as gathering times to send real life information back and forth.
real life information like nude pictures of children on the mush.
Which I would not have known if i was not ‘logging everything going on’.
Which would have promptly gotten me in trouble with a federal agency, which was involved in this situation.
Which was ugly all around.
So yes, I’m all for privacy, and all for ‘not being part of the group that goes over the line’.
But sometimes in rare situations, you have to ask yourself. Who suffers the most when you refuse to go over ‘that line’?
Food for thought.
-
@MisterBoring It’s possible. But it’s a) a bad idea because it will make players feel bad for obvious reasons, and b) it creates a dump of data so massive that it’s difficult to search through.
-
@Polk said in On the utility of Logs, Receipts, and Proof:
a bad idea because it will make players feel bad for obvious reasons
This makes me feel like all players view all staff as bad actors by default. Which is possibly true because our community has a long history of being unable to effectively deal with bad actors outside of throwing up lots of warnings on forums like this and MSB.
@Polk said in On the utility of Logs, Receipts, and Proof:
it creates a dump of data so massive that it’s difficult to search through.
I’m fairly certain that it would be easy to script the logging in a way that tagged each line of input with a searchable string. I’m not advocating for full logging just the raw information. I’m suggesting that the logging be done in a way that provides staff with a searchable way to immediately get information on a situation.
Ultimately the whole discussion of logs, receipts and proof I feel falls into the battle between privacy and safety, which is basically it’s own thread and I’m not going to jump into that here or elsewhere. I deal with that enough at my job.
The other thing we have to consider is trust in staff. We trust that staff will do what they can to protect us from bad actors when we point out their harmful behavior, but at the same time, we need to trust staff with the tools and access they need to make educated decisions about what’s going on.
Also, Telnet isn’t exactly secure, so I honestly sometimes wonder what’s stopping technically savvy bad actors from accessing information that’s not meant for them or their characters.
-
I don’t think staff needs to be bad actors for me to not want them to be in my private shit?
-
@sao said in On the utility of Logs, Receipts, and Proof:
I don’t think staff needs to be bad actors for me to not want them to be in my private shit?
So you er, may not want to be on the internet?
TCPDUMP(1) General Commands Manual TCPDUMP(1) NAME tcpdump - dump traffic on a network SYNOPSIS tcpdump [ -AbdDefhHIJKlLnNOpqStuUvxX# ] [ -B buffer_size ] [ -c count ] [ -C file_size ] [ -G rotate_seconds ] [ -F file ] [ -i interface ] [ -j tstamp_type ] [ -m module ] [ -M secret ] [ --number ] [ -Q in|out|inout ] [ -r file ] [ -V file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ] [ -E spi@ipaddr algo:secret,... ] [ -y datalinktype ] [ -z postrotate-command ] [ -Z user ] [ --time-stamp-precision=tstamp_precision ] [ --immediate-mode ] [ --version ] [ expression ]
The reason I bring this up is that everyone tied to the internet can and will log everything for ‘reasons’. It boils down that you have to trust the people who control the mechanisms where you send and receive data to not be douchebags.
Data collection is big business anymore. Privacy is important, but to be perfectly clear, connecting to the internet waves your ability to guarentee that. It just does.
-
@Ashen-Shugar Cute. I don’t want to be on the internet, it just beats the options of not being on the internet.
What I mean is: while there are many ways for this to be an issue, active mistrust of staff is not required for me to prefer that they not have easy, immediate access to conversations or rp I undertake with the expectation of privacy.
-
-
@Ashen-Shugar My dude, my guy, my french fry:
That data collection exists at an obligatory and, let’s be fair, extremely technical level doesn’t mean that overt monitoring is the ideal resolution in every scenario.
What a nuclear take.
-
@Pax I am going to remember that French fry forever. Ty for expanding my vocabulary in this way.
-
@Pax said in On the utility of Logs, Receipts, and Proof:
@Ashen-Shugar My dude, my guy, my french fry:
That data collection exists at an obligatory and, let’s be fair, extremely technical level doesn’t mean that overt monitoring is the ideal resolution in every scenario.
What a nuclear take.
@Pax my bud, my chum, my beaten drum:
Obligatory in a ‘need for beer’ kind of way sure, in that ‘if you want to use our services, you agree to be collected’. Where ‘opt-out’ means you don’t use the service, which, for a lot of places means ‘the internet’.
Even ‘opting out’ just means it dosn’t personalize the data, they still collect it.
It’s not a nuclear option when most places are glowing green around us.
-
@Ashen-Shugar this really just is a weird derail of the point. The fact that we live in a weird corporatist oligarchy is a fact that we all live with but that doesn’t mean that in our hobbies as between each other we can’t have totally reasonable expectations of privacy and data sharing separate from the compromises we have had to make with technology in order to exist.
Google may be up in my business but that doesn’t mean my friends expect me to hand them my password just because we chat. Like, what even is this point you’re trying to make?
-
@sao said in On the utility of Logs, Receipts, and Proof:
@Ashen-Shugar this really just is a weird derail of the point. The fact that we live in a weird corporatist oligarchy is a fact that we all live with but that doesn’t mean that in our hobbies as between each other we can’t have totally reasonable expectations of privacy and data sharing separate from the compromises we have had to make with technology in order to exist.
Google may be up in my business but that doesn’t mean my friends expect me to hand them my password just because we chat. Like, what even is this point you’re trying to make?
The point I’m tryng to make is that whle privacy should be enjoyed and even apprecated, it really shouldn’t be expected, especally when situatons arise that may demand that privacy concerns are not as important as the situation that may require that data.
That’s my point.
-
@Ashen-Shugar There’s an Atlantic-sized gulf between “TCP capture is possible” and “this game server I am playing on has developed a specifically coded feature that enables me to view log data at will”. Like no I’m not concerned someone’s gonna wireshark my TS or whatever but I am concerned that someone’s got a tool running that pipes all synonyms for pee-pee and hoo-ha to their terminal.
-
Expectation of privacy is actually a legal concept that has protections in most of the world, including the US and the EU, which is why all those EULAs have indemnification waivers in them. Privacy should absolutely expected because its violation is not and should not be the standard.
It’s not a privilege, it’s a right. (Unlike playing on a game – clearly a privilege, not a right.)
Am I an absolutist on this? Clearly not. I am on the internet. But the idea that I should be thanking staffers for not sticking their noses in my underwear because they are entitled to do so in some way is frankly ludicrous.
-
Is it weird that, as a Ares game runner, I have literally no idea how to access that information and I have the server password to my game? I just kind of shrug assume if something is wrong, the server owners will let me know.
…or they’ll remind that my card is expired because I changed debit cards and forgot to switch it there too.
-
@Testament said in On the utility of Logs, Receipts, and Proof:
Is it weird that, as a Ares game runner, I have literally no idea how to access that information and I have the server password to my game? I just kind of shrug assume if something is wrong, the server owners will let me know.
…or they’ll remind that my card is expired because I changed debit cards and forgot to switch it there too.
No, it’s designed this way on purpose. Someone who knows how to use code to access the database has access to lots of information, but I’d wager that most Ares gamerunners do not fall under this umbrella.
-
@Ashen-Shugar Your point is flawed.
Of course data is being collected; that’s hardly secret; data is being collected to such an extent that it’s monetized to pay for some of the largest companies in the world. Meta and Google are running almost entirely on your privacy.
But what it sounds like you’re saying is that because this data is being collected and we’re all here on the web in apparent tacit acceptance of that social contract, that no one has any ground to stand on in taking issue with how the data collected is accessed or used.
The tldr of your weird hill is: “You don’t like logs? TOO BAD. THE INTERNET, BABY.”
You’re not creating conversation, you’re, as someone rightly said, derailing it with unnecessary pedantry. Stahp.
-
@Ashen-Shugar So let’s see if I can explain why I disagree with a metaphor. This is how your point comes across, to me:
I own a building. A crime happens in my building. I’m culpable for the crime because I own the building.
So I suddenly am expected to a) track what goes on in the building; b) had any control whatsoever about what happens inside the building.
That’s ridiculous, and most certainly not how it works in today’s society, otherwise companies and schools would be liable for the mass shootings that happen inside their areas. It’s an absolutely absurd take.
I reject the idea that I need to tacitly monitor everything that happens on a MU* I run because someone might do something illegal. That’s like saying I should wiretap my neighbors because they talked about where to hide a corpse, because I live in the same apartment complex. Oh no, they did something bad, clearly I need to have been more responsible to make sure it didn’t happen so I could tell the cops, to the point of being unethical and invasive in my methods!
No.
-
@shit-piss-love Sponge basically wiresharked all traffic in and out of City of Hope. I don’t know if that functionality was preserved after the game was moved.
That sounds HORRIBLE, and will make players feel bad, but in practice that sort of thing is completely, absolutely impractical for a person to read unless there’s some urgent need involved.
The more you’re logging, the more impersonal it is.
The worst spying is the personal kind: sitting DARK and following you is far more of an intrusion.
Which is why I said the players would FEEL bad about mass logging: it’s much less of an intrusion than it sounds like.