On the utility of Logs, Receipts, and Proof

Pavel

@Gashlycrumb said in On the utility of Logs, Receipts, and Proof:

I think this misleading.
As I understand it, the #1 selling brand of abuser is pretty much grooming everybody all the time. They may target the most vulnerable person, but they don’t stop just because there’s no easy target. If you are not being targeted they’re often a delight, an attentive friend and a fun player. They abuse specific individuals while giving everyone else the impression of being very nice and reasonable.

That’s pretty much exactly what I said.

Gashlycrumb

Except for the bit where your post seems to be saying that those who do not regularly ‘fight land wars in their own brain’ are never going to get targeted. On a long enough time scale, they will.

MisterBoring

Is it possible to have a game log everything input by every bit on the game everywhere?

I would think that having full logs of the entire game in some organized format would help staff combat bad actors as they would be able to immediately review the logs to see what happened. Full transparency across all accounts.

I feel like server hardware is strong enough now to handle that without any detriment to a game.

At least then staff has immediate access to all of the information regarding the situation in game. I understand there are lots of concerns with that, including metagaming, staff abuse, staff seeing conversations that are unrelated to the game and meant to be private, but open logs aren’t going to drive up the first two (as metagaming and staff abuse happen even without open logs) and the third potential issue can be avoided by just having those private conversations almost anywhere else off game (Discord, email, Skype, wherever. There’s a lot of communications options these days.

I guess my point is that full logging would be a boon to staff who are actually working to keep bad actors and broken stairs off of games we love so much.

And my stream of consciousness is over now. I hope I made sense.

bear_necessities

@MisterBoring No thanks. That Star Wars game thread just talked about how staff were reading logs of people’s pages and using it against them, I don’t want to be on a game where staff can read everything. But also on the flip side, if I’m staffing a game, I’m not the police - I don’t want to spend time combing through logs searching for creepers on the off chance I catch them in the act or something.

And even if its’ like “oh well you could just use the logs when someone complains” <-- again, not the police, I’m not here to prove your innocence or guilt. If someone comes to me and complains that you’re a creeper and my gut says you’re a creeper than you are a creeper. Sorry not sorry, goodbye to you sort of situation.

hellfrog

@MisterBoring I mean this is highly possible, storage depending, but also very weird. As staff i do not WANT access to every input entered in the game. Pls no

GF

A lot of the suggestions in this thread seems to presuppose that people use evidence to reach a conclusion, rather than reaching a conclusion and searching for evidence to support it. It’s not necessarily wrong to make that assumption, but I think a discussion of utility of proof is incomplete if we leave out the bad actors.

Jennkryst

@bear_necessities I once, in the long-long ago, loosely considered the idea of this, and then part of the +policy was ‘everybody log everything yourself’… then if issues arose, I go ‘hey… +policy says to log shit. Both of you send me your logs.’ And then compare. If they are the same, I don’t need to pull the master log to find out which person is lying.

You know, the principle behind police wearing body cams. Document everything. But better, because there is a way to tell if people are doctoring things. So I have no reason to go into the master log unless someone forces my hand, and then the person who submitted the fake log might also just get banned, themselves.

But that’s like… still too much work, and doesn’t feel like it solves any issues.

IoleRae

“Monitor everything” is not a good response to the possibility of rule breaking. “Monitor everything” — just, put it in ANY other context and it suddenly becomes clear why it’s such a problem.

I hope

Dear god I hope

Jennkryst

@IoleRae Yup. It was the long-long ago, so I was young(er) and dumb(er) and thought a panopticon could maybe work, before I even knew there was a word for it. No privacy gets violated unless somebody lies about a log and I have to go comb through shit to find out what the truth is, and woe unto anyone who made me do work.

But. Turns out it’s easier to scare most of the problem people away by having all the cool bullies there. Who knew?

Pax

@Jennkryst Logging everything is not the objective end-all of problematic behavior. Logging everything as a policy to handle player conflict still requires a lot of people to be good actors along the way, completely irrespective of editing logs.

Logging everything doesn’t account for:

• Out-of-band communication (isn’t it funny that it’s called Discord?)
• Staff and players having the same or comparable thresholds of discomfort, OR
• Staff accepting and believing that something can make a player uncomfortable even if it doesn’t make that Staffer personally uncomfortable
• Lack of bias on the adjudicating party
• Slut-shaming

And that’s a partial list off the top of my head while I’m sleepy on a Wednesday.

It’s not like bodycams on the police, not at all. Cops are at work and they have lethal weapons in their pockets. No, this is like putting a camera in your bedroom and your living room and in the shower with you and then combing back through that footage every time you have a grievance with someone.

IoleRae

Privacy has intrinsic value. It is valuable because it is privacy. Logging everything violates it by creating a record that can be combed through. If that record does not exist, you have privacy. If it does, you do not.

Ares’s ability to opt-in/consent on the spot to capture a particular problem is EXACTLY right. It is the correct level of trade between privacy and protection. I can say ‘please capture this in a way I cannot alter’ and send it up, without having to worry about my RL medical woe discussion going across a staff channel for lulz.

Jennkryst

@Pax said in On the utility of Logs, Receipts, and Proof:

@Jennkryst Logging everything is not the objective end-all of problematic behavior. Logging everything as a policy to handle player conflict still requires a lot of people to be good actors along the way, completely irrespective of editing logs.

Logging everything doesn’t account for:

• Out-of-band communication (isn’t it funny that it’s called Discord?)

So much in the long-long ago, this was pre-discord! I mean, there were other off-game methods, but I choose to hyper-fixate on this!

@IoleRae said in On the utility of Logs, Receipts, and Proof:

Privacy has intrinsic value. It is valuable because it is privacy. Logging everything violates it by creating a record that can be combed through. If that record does not exist, you have privacy. If it does, you do not.

Ares’s ability to opt-in/consent on the spot to capture a particular problem is EXACTLY right. It is the correct level of trade between privacy and protection. I can say ‘please capture this in a way I cannot alter’ and send it up, without having to worry about my RL medical woe discussion going across a staff channel for lulz.

How far back does the Ares opt-in go? Like if a week later someone else points something out and it clicks in your head, is that somewhere?

Rathenhope

@Jennkryst said in On the utility of Logs, Receipts, and Proof:

How far back does the Ares opt-in go? Like if a week later someone else points something out and it clicks in your head, is that somewhere?

This depends on how the game has been configured. Ares game have a configurable retention period for things like channels and pages, after which they’re deleted. As long as you’re within the retention period you can report it.

@IoleRae said in On the utility of Logs, Receipts, and Proof:

Ares’s ability to opt-in/consent on the spot to capture a particular problem is EXACTLY right. It is the correct level of trade between privacy and protection. I can say ‘please capture this in a way I cannot alter’ and send it up, without having to worry about my RL medical woe discussion going across a staff channel for lulz.

I am, unfortunately, going to ‘well, actually’ this. Because I love the Ares report feature, but by its very nature, it has to log all pages and channel messages and hold them on the server for it to work. If you can log into Ares and see something like a page, or a channel message, it’s currently stored on the server. While that data may not be immediately viewable to an admin, someone with direct access to the server (so, in most cases, the game runner or server admin) can access the database and view everything that’s within the retention period if they so desire.

And that’s not unique to the report feature - by the nature of Ares itself it needs to store that data so you can have offline pages, page history, channel history and so on.

Though, as I harp on about nearly every time the subject comes up, in any system where you’re sending data to a server, someone with access to the server is theoretically capable of capturing every input you send to it and logging it to disk for an unlimited period of time (including passwords, so don’t reuse your important ones!). So, essentially, don’t send anything to a game (whether it’s running on Penn, Evennia, Ares, w/e) that you wouldn’t want the server admin to theoretically see.

There is no securing against a bad actor in the case where the bad actor has control of one side of the conversation.

dvoraen

@MisterBoring So I’m going to come off the fence and talk about your query about logging everything from a few points. I’ll likely repeat someone here, but que será será there.

Yes, it’s certainly possible to log everything, literally everything, and you likely wouldn’t run out of storage (especially if you had a 1TB drive allocation), but I think you’ll find this will accumulate space on your host much more quickly than you think. This is both game and player dependent, but the sheer amount of text involved will add up.

That said, I don’t advocate for a log of everything input, myself. While I think there should be (sealed) documentation that staff can review if pointed out, as Ares does, it should largely be a black box that isn’t opened unless players themselves are the ones who open it. They are the ones that should have the proverbial keys to the communication kingdom, in terms of what gets revealed. Obviously, channels are fair game for everyone, because staff will know about every channel in the game anyway, but RP and pages (and to some extent, @mails) should not be something they can on-a-whim perceive. Again, player agency is important here in what is disclosed.

That said, the problem lies in finding a solution where staff can further investigate if they suspect there is a problem with what has been shown to them. I don’t have any good ideas here; it’s not something I’ve thought on in great detail. What I do know is that the moment you go into master logs and say “well but you said this which looks like you encouraged it and you didn’t tell me that”, you immediately violate trust with your player(s) in question. Granted, that is probably a price to pay when it’s a serious allegation like sexual misconduct from a creeper, but I shouldn’t need to explain why it’s bad if the victim thinks you’re digging into their private discussions beyond the scope of the disclosure/report. At the end of the day, someone went over the line or you wouldn’t have a report in the first place. Don’t be a part of the group that went over the line.

Ashen-Shugar

@dvoraen said in On the utility of Logs, Receipts, and Proof:

[snip]
At the end of the day, someone went over the line or you wouldn’t have a report in the first place. Don’t be a part of the group that went over the line.

Once upon a time, my wife started up a mush based on the movie Labyrinth. It had base ‘please have permission if you’re not 18+’ which as everyone knows people tend to ignore anyway.

So, lets fast forward a year.

Labyrinth, yes, it attracts under aged people, we don’t ask, they don’t tell.

Except one day we had a potentail creeper come on. very very good on hiding what they do. page only, in so much as gathering times to send real life information back and forth.

real life information like nude pictures of children on the mush.

Which I would not have known if i was not ‘logging everything going on’.

Which would have promptly gotten me in trouble with a federal agency, which was involved in this situation.

Which was ugly all around.

So yes, I’m all for privacy, and all for ‘not being part of the group that goes over the line’.

But sometimes in rare situations, you have to ask yourself. Who suffers the most when you refuse to go over ‘that line’?

Food for thought.

Polk

@MisterBoring It’s possible. But it’s a) a bad idea because it will make players feel bad for obvious reasons, and b) it creates a dump of data so massive that it’s difficult to search through.

MisterBoring

@Polk said in On the utility of Logs, Receipts, and Proof:

a bad idea because it will make players feel bad for obvious reasons

This makes me feel like all players view all staff as bad actors by default. Which is possibly true because our community has a long history of being unable to effectively deal with bad actors outside of throwing up lots of warnings on forums like this and MSB.

@Polk said in On the utility of Logs, Receipts, and Proof:

it creates a dump of data so massive that it’s difficult to search through.

I’m fairly certain that it would be easy to script the logging in a way that tagged each line of input with a searchable string. I’m not advocating for full logging just the raw information. I’m suggesting that the logging be done in a way that provides staff with a searchable way to immediately get information on a situation.

Ultimately the whole discussion of logs, receipts and proof I feel falls into the battle between privacy and safety, which is basically it’s own thread and I’m not going to jump into that here or elsewhere. I deal with that enough at my job.

The other thing we have to consider is trust in staff. We trust that staff will do what they can to protect us from bad actors when we point out their harmful behavior, but at the same time, we need to trust staff with the tools and access they need to make educated decisions about what’s going on.

Also, Telnet isn’t exactly secure, so I honestly sometimes wonder what’s stopping technically savvy bad actors from accessing information that’s not meant for them or their characters.

sao

I don’t think staff needs to be bad actors for me to not want them to be in my private shit?

Ashen-Shugar

@sao said in On the utility of Logs, Receipts, and Proof:

I don’t think staff needs to be bad actors for me to not want them to be in my private shit?

So you er, may not want to be on the internet?

TCPDUMP(1)                                                       General Commands Manual                                                      TCPDUMP(1)

NAME
       tcpdump - dump traffic on a network

SYNOPSIS
       tcpdump [ -AbdDefhHIJKlLnNOpqStuUvxX# ] [ -B buffer_size ]
               [ -c count ]
               [ -C file_size ] [ -G rotate_seconds ] [ -F file ]
               [ -i interface ] [ -j tstamp_type ] [ -m module ] [ -M secret ]
               [ --number ] [ -Q in|out|inout ]
               [ -r file ] [ -V file ] [ -s snaplen ] [ -T type ] [ -w file ]
               [ -W filecount ]
               [ -E spi@ipaddr algo:secret,...  ]
               [ -y datalinktype ] [ -z postrotate-command ] [ -Z user ]
               [ --time-stamp-precision=tstamp_precision ]
               [ --immediate-mode ] [ --version ]
               [ expression ]

The reason I bring this up is that everyone tied to the internet can and will log everything for ‘reasons’. It boils down that you have to trust the people who control the mechanisms where you send and receive data to not be douchebags.

Data collection is big business anymore. Privacy is important, but to be perfectly clear, connecting to the internet waves your ability to guarentee that. It just does.

sao

@Ashen-Shugar Cute. I don’t want to be on the internet, it just beats the options of not being on the internet.

What I mean is: while there are many ways for this to be an issue, active mistrust of staff is not required for me to prefer that they not have easy, immediate access to conversations or rp I undertake with the expectation of privacy.