Subpage under development, new version coming soon!
Subject: HT Admin Secrets blog?
adamc [del] to
All
Anybody heard about/seen it? I read about it on Footstar.
There's also some talk that Extralives hasn't signed up to follow the data protection laws in Gibraltar where it's based. Probably an oversight.
Interesting stuff. Having practically no privacy in the game may make me ditch it again.
What is the privacy like on Sokker?
There's also some talk that Extralives hasn't signed up to follow the data protection laws in Gibraltar where it's based. Probably an oversight.
Interesting stuff. Having practically no privacy in the game may make me ditch it again.
What is the privacy like on Sokker?
As far as I can see, there is no policy here as such. Although unlike other games, all that is asked for is the country rather than your address so there isn't really any personal information besides names (which could easily be made up) ever taken by SK.
pah, it's just stuff either made up by people on footstar to get people off HT, or by people on HT to make it sound more interesting. Either way, mere mortals will never get to see it.
Tax low in Gibraltar is it ? Surprised they're not registered in the Caymans.
(edited)
Tax low in Gibraltar is it ? Surprised they're not registered in the Caymans.
(edited)
Looks real enough to me
I think it's something that needs further investigation before somebody's hobby gets them into trouble.
Sokker stores names, email addresses and ip addresses. Who is able to access this information? Mods are able to read deleted posts.
Any data protection laws are different for each country.
Where I work with have to take server and data access very seriously. We're audited quite regularly.
Here's the German article.
and a borrowed translation
Whether it be CCTV, smart chips, computer searches or address collections, most people frown upon governments or companies trying to enter their private space, but are remarkable careless when it comes to entering information for online games.
An example is the online game Hattrick, made in Sweden in 1997. Like in WoW, representatives watch over the game, 300 GMs watch over the game to make sure it goes smoothly. They look after applications, search for cheaters and remove bugs. And all the time they have access to the information of 950.000 users from the whole world and more information about millions of past users.
The data protection policy of the company Hattrick is notably woolly, and doesn't have to be accepted an application. IPs are saved, it says. All information, that you directly or indirectly enter into Hattrick will be saved, collected and used by us to prove cheating accusations, for deception or criminal activies.
How careless HT-users are when entering details was discovered on the anonymous HT-blog ''HT-secrets'' and revealed the shock of users that their information was being kept without their knowledge.
Not only are user entered details saved, but browser type, read forums, sent and received HT-mails, all log in attempts whether they be with the correct or incorrect password.
The saving of ''unlocking'' passwords is particularly worrying. Jörg Horn, safety expert, recommends an unlocking password (ed - potentially a security question) for systems such as banks.
With HT the internal system is somewhat unconfusing, the user has no chance to read his password or messages to enable him to misbehave. ''To make it clear, no user or GM is in the situation of reading private mails or see passwords etc. It is very important that you we express this''
Also to the GMs who use the Admin-Tool that is used for cheating accusations, checking out new users' information, this is a secret. The admin website, to which only GMs and HTs have access is linked to the databank, in which users' info is stored. With their help, potentially through the system used to validate new users' credentials, it is possible to carry out a computer search.
Thus it is possible for some people to see IPs, email adresses and saved data for active & inactive users. A written duty of silence, like a Non Disclose-Agreement (that's the German word) must be signed, but until now no GM has done this. ''But if you want to break this contract, the fact remains that for years people have had illegal information about users'' said one German-speaking GM who wished to remain anonymous, who discussed the matter with Netzeitung.de.
Misuse of the data is very easy, said a former GM to Netzeitung.de ''It's all there, adresses, email adresses, passwords. One script would be enough to collect the information of 1 million online-game-afficinonados. Hobbies are also saved as users were able to fill in a questionaire to find similar minded HTers.''
However, it is not so easy to find the broken laws, seeing as HT is based in Gibraltar and the servers in Switzerland. For development purposes they setup the company Extralives which runs Battrick, Popomundo and other online games.
But companies based in Gibraltar must all agree to the Gibraltar Data Protection Ordinance 2004, that means companies who collect data must sign up to the Data Protection Commissar, and sign up to a register. The company Hattrick Inc. is nowhere to be seen in the online register. And anyone who works in Gibraltar for a company like this must also agree to the Data Protection Act - anyone without this is liable to be fined.
But why are users so careless? People tend to be more willing to be more trusting when you offer something they want.
I think it's something that needs further investigation before somebody's hobby gets them into trouble.
Sokker stores names, email addresses and ip addresses. Who is able to access this information? Mods are able to read deleted posts.
Any data protection laws are different for each country.
Where I work with have to take server and data access very seriously. We're audited quite regularly.
Here's the German article.
and a borrowed translation
Whether it be CCTV, smart chips, computer searches or address collections, most people frown upon governments or companies trying to enter their private space, but are remarkable careless when it comes to entering information for online games.
An example is the online game Hattrick, made in Sweden in 1997. Like in WoW, representatives watch over the game, 300 GMs watch over the game to make sure it goes smoothly. They look after applications, search for cheaters and remove bugs. And all the time they have access to the information of 950.000 users from the whole world and more information about millions of past users.
The data protection policy of the company Hattrick is notably woolly, and doesn't have to be accepted an application. IPs are saved, it says. All information, that you directly or indirectly enter into Hattrick will be saved, collected and used by us to prove cheating accusations, for deception or criminal activies.
How careless HT-users are when entering details was discovered on the anonymous HT-blog ''HT-secrets'' and revealed the shock of users that their information was being kept without their knowledge.
Not only are user entered details saved, but browser type, read forums, sent and received HT-mails, all log in attempts whether they be with the correct or incorrect password.
The saving of ''unlocking'' passwords is particularly worrying. Jörg Horn, safety expert, recommends an unlocking password (ed - potentially a security question) for systems such as banks.
With HT the internal system is somewhat unconfusing, the user has no chance to read his password or messages to enable him to misbehave. ''To make it clear, no user or GM is in the situation of reading private mails or see passwords etc. It is very important that you we express this''
Also to the GMs who use the Admin-Tool that is used for cheating accusations, checking out new users' information, this is a secret. The admin website, to which only GMs and HTs have access is linked to the databank, in which users' info is stored. With their help, potentially through the system used to validate new users' credentials, it is possible to carry out a computer search.
Thus it is possible for some people to see IPs, email adresses and saved data for active & inactive users. A written duty of silence, like a Non Disclose-Agreement (that's the German word) must be signed, but until now no GM has done this. ''But if you want to break this contract, the fact remains that for years people have had illegal information about users'' said one German-speaking GM who wished to remain anonymous, who discussed the matter with Netzeitung.de.
Misuse of the data is very easy, said a former GM to Netzeitung.de ''It's all there, adresses, email adresses, passwords. One script would be enough to collect the information of 1 million online-game-afficinonados. Hobbies are also saved as users were able to fill in a questionaire to find similar minded HTers.''
However, it is not so easy to find the broken laws, seeing as HT is based in Gibraltar and the servers in Switzerland. For development purposes they setup the company Extralives which runs Battrick, Popomundo and other online games.
But companies based in Gibraltar must all agree to the Gibraltar Data Protection Ordinance 2004, that means companies who collect data must sign up to the Data Protection Commissar, and sign up to a register. The company Hattrick Inc. is nowhere to be seen in the online register. And anyone who works in Gibraltar for a company like this must also agree to the Data Protection Act - anyone without this is liable to be fined.
But why are users so careless? People tend to be more willing to be more trusting when you offer something they want.
sokker and HT both hold a lot of data that is covered by privacy laws. All HT did wrong was they failed to explicitly get players to sign to say they accepted that HT could do whatever it liked with data to run the game.
I've no idea how strict Polish privacy law but they probably should make sure everyone ticks a box on application to confirm that you agree to all data being stored and used as needed.
I've no idea how strict Polish privacy law but they probably should make sure everyone ticks a box on application to confirm that you agree to all data being stored and used as needed.
I think Hattrick would be in violation in this country for making personal details available to the GMs.
If there are laws in the country where they register, then they certainly have to adhere to them.
On the blog there are banned IP addresses that really shouldn't be freely available.
It's only going to take one banned user to stir up some trouble.
If there are laws in the country where they register, then they certainly have to adhere to them.
On the blog there are banned IP addresses that really shouldn't be freely available.
It's only going to take one banned user to stir up some trouble.
I see your point now. What seems odd is why are they allowing GMs to see this info ? It's not like they need it in order to do their voluntary job ? As Vance says, probably an oversight they've not bothered to correct, lord knows there are enough of those in HT...
I don't think the Information Commissioner would make much of a fuss as long as they promise to do better in future. As long as they move towards having a clear public policy and making everyone accept it explicitly they'll be covered under british law.
God I'm glad I got a new job and don't have to worry about the Data Protection Act much longer.
I was slightly concerned to hear that HT GM's could see your password. What if I use it elsewhere? But it's only a problem legally if they don't tell you and in future it seems they will.
God I'm glad I got a new job and don't have to worry about the Data Protection Act much longer.
I was slightly concerned to hear that HT GM's could see your password. What if I use it elsewhere? But it's only a problem legally if they don't tell you and in future it seems they will.
If you use a password for a game somewhere else like a bank or similar, it makes you a total moron, and deserve to be robbed of every penny.
True, but I doubt many people use a completely different password for every single game/whatever
Imran does.
Imran is aware that bad people exist.
(edited)
Imran is aware that bad people exist.
(edited)
Jaize does too.
He is also aware that bad people exist but writes all the passwords on a post-it stuck to his monitor as obviously none of the hundreds of people that come anywhere near his office fall into that category.
He is also aware that bad people exist but writes all the passwords on a post-it stuck to his monitor as obviously none of the hundreds of people that come anywhere near his office fall into that category.
All the people you work for have more money than you - which just leaves the people you work with. You feeling lucky, punk ? :)
(edited)
(edited)
You've got more money than King Abdullah ? Then why are you working ?
It was the all bit. I think Abby might just scrape it on a macho bank balance waving sesh.
Anyway I go to work so I have time to play SK, obviously.
Anyway I go to work so I have time to play SK, obviously.