warning to the whatever bay (brodgar)

[VDZ]

Victim blaming. Cute.

I'm assuming that retort is targeted at my criticism of WB.

Let's imagine that I'm your neighbour and ignore fire breaking out in my residence. Fire ends up burning your residence down as well while I continue to do nothing. When you ask why I didn't simply call the local 911 equivalent to at least mitigate the damage, I call you out for victim blaming.

Charter Stones cost only one Rock Crystals now. Why not build an "answering machine" vclaim somewhere that can hold the correct name? Have something paved inside the vclaim to explain that this is a "redirect" from the real market because market Charter Stone had to be deactivated.

Okay, but consider this. Your analogy makes no sense. Authority only exists at the tip of the sword in Hafen and the fire didn't start by itself, it was instigated. You are in essence, blaming the home-owner, whose house is burning down, that he should've forwarded his mail adress, instead of having UPS throw his packages into the blaze. Because some ass set his house on fire without warning while attempting to break inside. I am dimly aware what you are attempting to get at, but you are still absolving the responsible parties of blame by critiquing WB's handling of the out of context situation they are currently facing with a poorly structured analogy.

This kind of bullshit is precisely why I hate the term 'victim blaming'. Just because you're suffering, that does not automatically absolve you of any responsibilities. Whatever Bay could reduce a lot of suffering by at least communicating on the forums that their charter stone was hijacked. (By the way, the Apples & Oranges thread OP still only says the market is closed, it doesn't give any explicit warning that trying to teleport to 'bay' will get you killed.) Whatever Bay is a victim, but they can definitely be blamed for not taking the obvious actions to reduce harm.

It is also, ofc, the responsibility of the player to be aware of the goings-on in the game. This is not done simply by playing the game. Which kind of sucks since not everyone surfs or trolls the forums... I have no argument here... Just pointing out that it sucks that some people that are unaware of a siege likely got ganked trying to do what they felt was normal due to the mishandling and mismanagement of the charter stone.

This part, on the other hand, I do blame the game for. In-game communication options are extremely limited, resulting in people using external communication methods (mainly Discord nowadays) for essential game-related communication. (Just see Apples & Oranges: every trader requires you to contact them on Discord, and even Whatever Bay required Discord if you want to have your own stand.) There are players who do not check the forums and aren't on any game-related Discord servers, and they have no way of knowing what happened to Whatever Bay, and even if Whatever Bay handled things better they still wouldn't be able to contact these players. Requiring players to install spyware* for vital game-related communication is a game flaw.

(*Not mentioned in the linked article, but Discord also bans people who try to use custom Discord clients. You must run their version which collects various kinds of info on you.)

[Saxony4]

There are players who do not check the forums and aren't on any game-related Discord servers, and they have no way of knowing what happened to Whatever Bay, and even if Whatever Bay handled things better they still wouldn't be able to contact these players. Requiring players to install spyware* for vital game-related communication is a game flaw.

The sources listed by that quack ass website are questionable at best and schizophrenic at worst, by their same criteria for spyware every browser you could possibly be using to access this forum right now is spyware, spoopy right? Guess it's time to stop using your computer. Discord legally cannot do what you or whoever keeps that schizo website afloat think they can do. You're literally 100 times more at risk downloading a custom haven client than using discord. Fact.

Also for the record I jumped in intentionally knowing the charter was compromised to get the coords of the cute little loot depot https://map.hearthworld.com/?x=24&y=-20&zoom=0

[VDZ]

Discord legally cannot do what you or whoever keeps that schizo website afloat think they can do.

Have you been following tech news at all in the past few years? Tech companies are breaking the law non-stop nowadays because the fines (if they even get caught) are lower than the profits. And that's when government agencies aren't involved; when they are, which is also the case here, the companies are allowed (and may be forced) to do all kinds of shady shit. PRISM confirmed as much, and that was back in 2007; things have gotten far worse since then. (Also, I can confirm the process logger part myself; I use Discord for work and using Procmon I can see it checking processes non-stop, even custom-made programs they have no way of knowing about so they really check everything, not just a whitelist or something. This happens even if you have all detection stuff turned off in the interface.)

The sources listed by that quack ass website are questionable at best and schizophrenic at worst, by their same criteria for spyware every browser you could possibly be using to access this forum right now is spyware, spoopy right?

It is indeed spoopy that an advertising company known for spying on users controls the base code of nearly all modern browsers, and that its only 'real' competitor gets 90% of its funding from them. You are constantly being spied on on the web nowadays, and you have to take proactive measures to prevent that.

You're literally 100 times more at risk downloading a custom haven client than using discord. Fact.

Depends on your threat model. Ender is unlikely to report me for talking shit about the populist far-right politician here who just won a landslide election victory and which some professors of law and politics fear might do a power grab. He's also unlikely to attempt to steal sensitive information about stuff I'm working on (for my employer or personally), whereas Discord is in direct contact with our competitors. Even Shubla only stole Haven-related data as far as I'm aware.

[Ø]

Discord legally cannot do what you or whoever keeps that schizo website afloat think they can do.

Have you been following tech news at all in the past few years? Tech companies are breaking the law non-stop nowadays because the fines (if they even get caught) are lower than the profits. And that's when government agencies aren't involved; when they are, which is also the case here, the companies are allowed (and may be forced) to do all kinds of shady shit. PRISM confirmed as much, and that was back in 2007; things have gotten far worse since then. (Also, I can confirm the process logger part myself; I use Discord for work and using Procmon I can see it checking processes non-stop, even custom-made programs they have no way of knowing about so they really check everything, not just a whitelist or something. This happens even if you have all detection stuff turned off in the interface.)

The sources listed by that quack ass website are questionable at best and schizophrenic at worst, by their same criteria for spyware every browser you could possibly be using to access this forum right now is spyware, spoopy right?

It is indeed spoopy that an advertising company known for spying on users controls the base code of nearly all modern browsers, and that its only 'real' competitor gets 90% of its funding from them. You are constantly being spied on on the web nowadays, and you have to take proactive measures to prevent that.

You're literally 100 times more at risk downloading a custom haven client than using discord. Fact.

Depends on your threat model. Ender is unlikely to report me for talking shit about the populist far-right politician here who just won a landslide election victory and which some professors of law and politics fear might do a power grab. He's also unlikely to attempt to steal sensitive information about stuff I'm working on (for my employer or personally), whereas Discord is in direct contact with our competitors. Even Shubla only stole Haven-related data as far as I'm aware.

This is stuff that's been going on long before PRISM. Legion, One, and the rest have been talking about these things since before the turn of the century.

[StalkerSleem]

Before moving, there is a preview of where you get to. In order not to be a fool, it is enough to be just a little attentive. This game is not a harmless farm...



In general, I think that charter stones should receive a unique name, which will be fixed until it is destroyed

[VDZ]

Before moving, there is a preview of where you get to. In order not to be a fool, it is enough to be just a little attentive. This game is not a harmless farm...

As a reminder, tracking is turned off by default in the default client (and so is the map window). That area would look pretty peaceful if it weren't for the scents.

[Okocim]

In general, I think that charter stones should receive a unique name, which will be fixed until it is destroyed

Fixing name would create few new problems and wouldn't rly fix the old ones.
The issues in my opinion are: Name is case sensitive "Bay" and "bay" can lead to different places and second is that the only way to deactivate charter stone is to remove the code completely allowing for others to hijack the name.

[Ø]

Before moving, there is a preview of where you get to. In order not to be a fool, it is enough to be just a little attentive. This game is not a harmless farm...

As a reminder, tracking is turned off by default in the default client (and so is the map window). That area would look pretty peaceful if it weren't for the scents.

^This.
And without knowing what's going on via outside sources which not everyone uses there is no way to know it's a trap.

Things that can prevent this that are in game currently are limited to the group that is under siege creating or having a backup charter stone in place with an alt ready to activate it at any given moment that is hopefully unknown by the attacking group and well defended. OR Attempting to flee to build and activate a new charter stone without being followed and/or killed in the process which is about as likely to happen as the current quarrel is to end in friendship and comradery between the parties involved...

Fixes for this that would need to be implemented to prevent this type of vulnerability include, but are not limited to:

• Charter Stone retaining name and not being able to be hijacked while being deactivated.
• The ability to add a MotD to the charter stone while traveling.
  It could look like:
  [typical travel message]
  {Break}
  [MotD]
  

  Confirming this travel will cause 44.4% travel weariness.
  Whatever Bay is currently under siege. Travel at your own risk.

  If the charter stone is active.
  

  This charter stone is deactivated.
  Whatever Bar is currently under siege. For your protection this charter stone has been deactivated. Do not use unofficial charter stones as they may cause permanent loss.

  If the charter stone is deactivated.
• Tracking on by default.
• Changes to the tracking system that allows for scents to be seen without the ability to collect and track scents that you don't have enough detection to see in the current system. Messages could be used like when attempting to mine a wall that you are not strong enough to mine...or something...
• Travel checking permissions of the area being traveled to with warnings; ie, "You do not have X permissions to the destination. Confirming travel with Criminal Acts on may leave scents."
• Spawn protection when changing zones. Time it takes to travel to hearth + maybe 2 seconds. I realize this suggestion is the worst and will be shit on by everyone. It is not a real suggestion, but it could resolve some of the games ganking issues. Please, don't fixate on this one as it will never be implemented in this game.
• Password protected charter stones that require a Parchment to learn and be able to use the charter stone without ever knowing the password.
  Player A creates charter stone using a password and grants access to Player B by giving Permission Slip (password on parchment) to them. Player A sets up charter stone permissions to allow anyone to create Permission Slip. Player B creates and gives Permission Slip to Player C and so on.
  This ensures that even if the charter stone name is hijacked anyone that knows how they original charter stone was operated should know that a Permission Slip is required and if it is not then there may be something nefarious afoot. Conversely, the only way to do this with warning signs to players is to force password creation on all charter stones which will likely lead to players revolting against the whole concept...

[VDZ]

• Password protected charter stones that require a Parchment to learn and be able to use the charter stone without ever knowing the password.
  Player A creates charter stone using a password and grants access to Player B by giving Permission Slip (password on parchment) to them. Player A sets up charter stone permissions to allow anyone to create Permission Slip. Player B creates and gives Permission Slip to Player C and so on.
  This ensures that even if the charter stone name is hijacked anyone that knows how they original charter stone was operated should know that a Permission Slip is required and if it is not then there may be something nefarious afoot. Conversely, the only way to do this with warning signs to players is to force password creation on all charter stones which will likely lead to players revolting against the whole concept...

Code: Select all

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE STONE IDENTIFICATION HAS CHANGED!    @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a charter stone key has just been changed.
The fingerprint for the ECDSA key sent by the remote stone is
SHA256:Xj82+L8+BAYVso+YSSp+jhE6ncPgV/Q5SlWekCiYgrQ.
Please contact your village administrator.
Add correct stone key in /hearth/sprucecap/.charter/known_stones to get rid of this message.
Offending ECDSA key in /hearth/sprucecap/.charter/known_stones:10
  remove with:
  charter-keygen -f "/hearth/sprucecap/.charter/known_stones" -R "bay"
ECDSA stone key for bay has changed and you have requested strict checking.
Stone key verification failed.

[Ø]

• Password protected charter stones that require a Parchment to learn and be able to use the charter stone without ever knowing the password.
  Player A creates charter stone using a password and grants access to Player B by giving Permission Slip (password on parchment) to them. Player A sets up charter stone permissions to allow anyone to create Permission Slip. Player B creates and gives Permission Slip to Player C and so on.
  This ensures that even if the charter stone name is hijacked anyone that knows how they original charter stone was operated should know that a Permission Slip is required and if it is not then there may be something nefarious afoot. Conversely, the only way to do this with warning signs to players is to force password creation on all charter stones which will likely lead to players revolting against the whole concept...

Code: Select all

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE STONE IDENTIFICATION HAS CHANGED!    @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a charter stone key has just been changed.
The fingerprint for the ECDSA key sent by the remote stone is
SHA256:Xj82+L8+BAYVso+YSSp+jhE6ncPgV/Q5SlWekCiYgrQ.
Please contact your village administrator.
Add correct stone key in /hearth/sprucecap/.charter/known_stones to get rid of this message.
Offending ECDSA key in /hearth/sprucecap/.charter/known_stones:10
  remove with:
  charter-keygen -f "/hearth/sprucecap/.charter/known_stones" -R "bay"
ECDSA stone key for bay has changed and you have requested strict checking.
Stone key verification failed.

I can't tell if this is meant as an insult to the idea or if it's in support. Either way it made me giggle.