Jump to content

michaelk

Member
  • Content Count

    181
  • Joined

  • Last visited

About michaelk

  • Rank
    Novark Citizen

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. This is such a good point! Under GDPR any unique identifier is PII, including things like a player name. As I understand it, even a randomly generated token is PII if unique to the individual, such as a player ID. Exposing this via API/LUA is basically giving it to third parties, so.... something NQ should really think about. The US has no federal concept of PII laws, but many states have laws similar to GDPR.
  2. Okay, now we're back to talking about RL...fun! Let's assume someone placed the same kiosk near the entrance of a local mall. It scans everyone that enters or leaves the mall. There's no consent, no TOUs, no permissions granted. Is that illegal...? No, it's basically a security camera. They can write software and create a profile with various analytics, like how often you visit or the likelihood that someone in similar demographics will visit again. Yes, they can sell that data to third parties... To Hazaatan's point, it works differently in DU because it records your actual player name. The equivalent RL technology would be the same mall scanner, but with facial recognition that can attach your real name to the record. Now you have credit reports, social media profiles, etc...all because someone dared to walk by a scanner they didn't know about. Here's the screwy part...that's still legal in the USA. And yes, they could still sell that data to a third party. One of the few "regulations" that does exist has zero mechanism for enforcement and is basically written as a "please be responsible" guideline rather than a specific law: Source: https://uclawreview.org/2020/09/09/protecting-personally-identifiable-information-in-the-united-states/ The reality is that the USA has no concept of protecting PII in federal law. Not trying to be political, just trying to provide perspective and reminding people in the EU not to take GDPR for granted lol.
  3. Okay, I understand that now. Everyone calm down lol.
  4. First, there's a different between something being legal and me agreeing with it ethically. People use bots to scrape forums all the time. There's no way to obtain my real name (or any PII) from the data available unless I actually post it, so feel free to bot away. Bots are already scraping every post in this very forum, programmatically extracting emails for spam lists. That's why you don't post information like that anywhere.... In the same way, there's no way to obtain PII (personally identifiable information) from someone's in-game avatar in DU...which is what people keep repeating time and time again. No one cares if your avatar is logged when visiting a market. That isn't an invasion of privacy because that information isn't private. Nor is it remotely useful to track you as a human being... There's a LOT to be concerned about with internet privacy, don't get me wrong...but this isn't really at the top of any list.
  5. Lol, people have some really weird ideas about privacy and law. This very forum uses Google Analytics...it's literally the first lines of the source code. You're being tracked as you read this very message. Collecting anonymous data without your consent isn't illegal in the US. Collecting data and selling it to third parties isn't illegal, either! You must provide an opt-out form per California's new law (CCPA)...that doesn't make it illegal to sell your information without consent, it just mandates a method to opt-out of such transactions and requires you to burry some text in your TOUs. Spamming people isn't even illegal, there's plenty of wiggle room in CANSPAM. Hate to break it to you, but the law in the US really doesn't care about your online privacy. I don't know what you think people will do with this data that makes it so invasive...
  6. Contact Xsolla directly and tell them you need to cancel and will contest/chargeback any future charge. If they still don't cancel the sub, do exactly that -- contest the charge with your CC or bank explaining that their ability to stop a sub was confusing or not functional.
  7. Yeah, it's standard practice.......but. DU uses products like DynamoDB, which isn't all that cheap. If their data has significant heft (which is likely), replicating production data for testing becomes very material (thousands per month). Sure, you can load it with production data only when testing -- but that isn't fast and still has some cost. If NQ's dev team is already facing a mountain of technical debt and looming deadlines that will make or break their company, it doesn't surprise me that a dev might cut some corners in the name of expediency...hell, they probably explained the risk to their boss, who decided that testing production data was too expensive and time-consuming. Not making excuses, still a bad decision and bad policy. Baffling they don't have the tooling required to identify/fix exploits right after (or didn't want to use those tools if they exist).
  8. IP in this context stands for intellectual property. E.g. they could sell the game and tech to a different studio. I highly doubt this would ever happen, but JC was able to pitch this product to investors and somehow secure over $20 million despite never working in game dev before...so it isn't outside the realm of possibility.
  9. Churn is inevitable with a sub-based product, especially one that hasn't really been updated in the 5 months since release. I doubt they expect subs to grow while in beta considering the lack of substantial updates. There's a lot they could do before giving up: They could push the game to release and delete these forums. Presto-chango, they have a bunch of new players and all their beta mistakes magically vanish. They could lay off a bunch of people -- which is the worst. We might have opinions about the game, but it is never good to see someone's livelihood affected by poor leadership. They could permanently close those expensive offices - I'd guess everyone is working from home, anyway. They could shrug and keep going. We have no idea how much runway they actually have left -- for all we know they still have funds enough for another two years of dev and they never really planned for beta users to generate significant revenue. Perhaps the reason they haven't amped up marketing/social growth is because they know the game isn't ready...and are saving those dollars for actual release. They could sell the IP and actually give up/go home, but I wonder if anyone would buy it.
  10. A wipe doesn't make sense at this point IMHO. There's gong to be more issues between now and release. It isn't like their dev team will be gaining morale as time moves forward. They're facing ongoing churn, looming deadlines, and a project stuffed with six years of bugs. We just wanna play a neat game, they want to keep their jobs. Stress like that leads to shortcuts, which leads to more mistakes. In other words....if they do a reset tomorrow, there will be another exploit next month...so it isn't like it'll restore stability or fairness to the economy for long. A big part of beta is testing for scale -- resetting players back to square one would be counter-productive. NQ isn't just concerned about meeting some promise, it's critical that they are able to test for stability as the game's content grows. They probably see this as more important than (what they perceive as) short-term glitches in the economy. Should they have made an effort to reverse this damage...? Yeah, obviously....but records don't appear by magic. If they had ready access to a test server loaded with production data, this probably wouldn't have happened to begin with. Without that, there's no safe way to programmatically revert exploiters -- you'd risk further corrupting production data if you don't have a way to test such changes.
  11. NQ had a very small window to execute a rollback. It might not have even been feasible if they didn't snapshot the data before the production rollout. This decision had to be made minutes after they realized the issue -- I don't know NQ's internal decision-making structure, but my guess is that JC made this call. Please remember that NQ's devs are spending all day wrestling with an old codebase trying to implement features that were never planned for while also trying to fix six years worth of bugs. I do sympathize. Morale is a huge deal in dev -- they're facing a narrowing timeline for releasing a big update, subscription churn, and mountains of tech debt. Disciplined release procedures aren't likely the top of their list. They might not even have approval to run a dev/test server -- DynamoDB can get pricey. 100 TB of storage is about $25k a month -- that's over 3,000 subs worth of revenue. Spinning up a dev instance is material at that scale (I have no idea how much they stash in Dynamo vs. Mongo or how much data they really have). They surely have a test environment, but possibly not a replication of production data due to cost. A careful reversion where they query the DB to precisely target and roll back exploiters...? That isn't necessarily simple -- it may not even be possible. We can only guess about what data NQ actually logs or how it is structured! If they don't even have a real dev environment to test changes to production data, doing a reversion like this would only introduce more risk. I'd be very nice to know how widespread this exploit actually was -- are we talking a small handful of players, or trillions in schematics? I guess time will tell?
  12. It does matter. If terminology didn't matter and "no one cared", why would marketers be so eager to brand things as beta vs. alpha...? There's a reason the industry has abused these labels in marketing...they know that people will be more attracted to a beta product than an alpha. Not all consumers care about the labels, but enough do that it compels marketers. To be fair...if the point is "it's 4 months into beta, relax, it's not close to being finished" -- that point goes double for DU actually being in alpha. It'll take patience to see how the game evolves. Just remember that the game has been in dev for six years already. Not like these are early days and they have barely had a chance to dig in. Don't expect the pace of dev to rapidly accelerate as it nears release, and expect that "release" actually will mean "beta".
  13. Yikes. This is the first I'm hearing of this...stupid work. Just like real life, my chances to become rich just slip on by. Does NQ not have dev/test servers...? Why are changes getting rolled straight into production without any testing, first...? I feel bad for whoever made the mistake...but this sounds like a general lack of discipline/caring from the dev team. There should be protocols for touching production data! I just hope they don't blame the dev/devs that screwed up but instead ask why the heck they were allowed to roll a change like this into production without testing...or if they did test, why it wasn't caught.
  14. Yep, I've been through worse subs for sure. Hell, I've created worse subs than this by far...actual shady shit I'd rather not talk about lol. I appreciate that NQ added a real button in the account -- that's definitely an improvement compared to beta launch. Still, it really isn't that hard to create a sub system anymore. Plenty of providers other than Xsolla. Maybe they'll migrate to a new platform near launch.
  15. Obfuscating the ability to cancel a sub isn't a best practice anymore and is increasingly uncommon. Most companies realize that hiding cancellation doesn't earn you more revenue -- it's counter-productive. If Netflix made me call in or hunt for a cancel link, the chance of my re-subscribing on a whim vanishes. It doesn't lower my desire to cancel, though. At the point where the customer wants to cancel, the only concern should be how to get them to re-sub later...if you make cancellation difficult when they've already decided to stop paying, you've shot yourself in the foot. Customers that cancel are also customers that once had interest enough to pay...it's good business practice to treat them as potential future customers rather than obfuscate cancellation for the sake of eeking out another month's sub due to annoyance. Visa even has new rules governing subscriptions which would have already gone into effect already were it not for Covid delays. Among other things, it mandates an "easy" way to cancel subs and requires a reminder email 7 days before any trial subscription converts to a paid one. I think younger people especially might not be familiar with the old school "hunt for the cancel link" style of subs...that doesn't make NQ "thieves", though. I don't think it is malice, just that they have other things to do and haven't thought about this UX (they definitely should, though). If you really have trouble cancelling, email or call Xsolla customer service and threaten to contest or chargeback future charges if they do not cancel billing immediately.
×
×
  • Create New...