Warning if you get hacked GGG will do nothing to fix it!!!

"

Marquoz написал:

I'm just curious why keyloggers are being blamed. Think about the last time you entered a password into your email account, your path of exile account, or pretty much any account. I think the last time I actually keyed passwords in was about 6 months ago when I first got my laptop. Other then that it is saved. How would a keylogger catch any account names or passwords if they are never entered? I think there is more to it then just keyloggers.

there is. that's just one of the culprits. Malware/bruteforcing/internet sites that have been compromised or sold their information etc... are some others

"

Josephoenix написал:

"

Marquoz написал:

I'm just curious why keyloggers are being blamed. Think about the last time you entered a password into your email account, your path of exile account, or pretty much any account. I think the last time I actually keyed passwords in was about 6 months ago when I first got my laptop. Other then that it is saved. How would a keylogger catch any account names or passwords if they are never entered? I think there is more to it then just keyloggers.

there is. that's just one of the culprits. Malware/bruteforcing/internet sites that have been compromised or sold their information etc... are some others

Keyloggers are pretty much the 'big fear' sort of like talking about hurricanes when many other things can get to you. Saved passwords via the browser is actually worse. Keyloggers have to wait for you to type the password in. Malware can just go to the settings to view them all.

3rd party password savers could probably help, especally if they aren't popular. Anyone know of any trustworthy programs ? Personally, I'd rather not get a program that turns out to either be malware or a legit program that decides to do things like 'save them on the cloud' for easy break-ins.

Though honestly, if you at all suspect a keylogger, you should be focused on removing it, rather than 'tricking' it to hide a game login.

While I take responsibility for my own security short comings that allowed someone to get into my account I still refuse to take 100% of the blame. And it's not GGG that I am blaming, it's the cheaters. They drive the black market economy, they drive the theft. If you buy currency or items with real world money you are part of the problem. What GGG needs is a better way to find the cheaters (near impossible, I know) dry up the market a little bit.

I'm really glad that GGG doesn't cater to these people.

The type of person who gets keylogged, doesn't know it and or doesn't change their password, uses a weak password or uses the same password for their email and their PoE account doesn't belong in this game.

The simple fact of the matter is that restoring items and characters opens a huge loop hole for exploitation. Add this to the fact that the type of person who needs this service is dubious at best, I'm glad that GGG doesn't cater to these types.

This isn't a, "customer is always right" scenario. The integrity of the game needs to be considered. This would be more akin to playing a professional sports game without officials. You may kick and scream at the calls they make but ultimately it's for the good of the game.

"

Marquoz написал:

I'm just curious why keyloggers are being blamed. Think about the last time you entered a password into your email account, your path of exile account, or pretty much any account. I think the last time I actually keyed passwords in was about 6 months ago when I first got my laptop. Other then that it is saved. How would a keylogger catch any account names or passwords if they are never entered? I think there is more to it then just keyloggers.

"

Dakarian написал:

Saved passwords via the browser is actually worse. Keyloggers have to wait for you to type the password in. Malware can just go to the settings to view them all.

This.
When a person isn't typing in their password each time, that means the password is saved on the computer, and can be picked off the machine without even needing a keylogger. Aside from that, keyloggers aren't the only thing that exist, but rather packet loggers exit too, and can pick up the transmitted password packet without the user having to type anything.
Sure the password is likely encoded/hashed in some way, but that does not mean it's protected from cracking; it can be quite easy, and it's not necessarily the encoder's fault, but rather more-so the fault of keeping the password stored on the system.



Regarding blame, it is a bit silly/exaggerated to say that it's a person's fault for being hacked, but that doesn't mean they didn't contribute to the event occurring. Blame is a tricky ad somewhat pointless thing because it tries to pin everything on a single entity, when in reality the entirety of existence is comprised of millions of smaller factors constantly interfering/interacting with other ones. Do you blame a child for acting a certain way, or the parent? or the parent's parent? or the child's friend? or the child's friend's friend? It's all related.

Until they're proof otherwise, who's NOT at fault is quite certain, and that is GGG. GGG has their own security, and there's no indication that such security has been breached. They have limited/no responsibility for ensuring people are running their machines/accounts/passwords securely, but rather that people just aren't stealing passwords directly from the company server.

The blame is mostly on the predator themselves, and then the victims are just enablers of that behavior due to their poor security practices. People put their money in bank vaults so that it doesn't get stolen; you can't help but say that a bank was enabling a robbery to occur if they were keeping large amounts of money outside of a vault.


Regarding the terrible analogy of rape, appearance has nothing to do with what gets a person raped; it only might encourage people to ATTEMPT it, the same way having lots of money in a game may encourage people (although generally it's pretty difficult to target user's accounts directly; that's the difference with online vs offline). What affects whether a person gets raped or not is the person's security practices and behavior; if they don't walk with a friend when in deserted areas, or carry a weapon/defense-mechanism on them, or have taken self-defense classes (as disputable in value as they may be), they're more likely to be successfully raped than otherwise.

Also for the rape analogy, [even] if it wasn't the victim's "fault" at all, it certainly does not mean that it's the shopping mall company's fault just because she got raped in their parking lot; GGG is the shopping mall; they have no blame.

"

terrorist написал:

The type of person who gets keylogged, doesn't know it and or doesn't change their password, uses a weak password or uses the same password for their email and their PoE account doesn't belong in this game.

Who are you to say who should and shouldn't belong in this game?

"

nachodotcom написал:

"

terrorist написал:

The type of person who gets keylogged, doesn't know it and or doesn't change their password, uses a weak password or uses the same password for their email and their PoE account doesn't belong in this game.

Who are you to say who should and shouldn't belong in this game?

He's not in a position of power, but that doesn't mean he can't have an opinion.

If you disagree with him, you should explain a rebuttal rather than just stating "you can't do/say that!"

"

Xapti написал:

Also for the rape analogy, [even] if it wasn't the victim's "fault" at all, it certainly does not mean that it's the shopping mall company's fault just because she got raped in their parking lot; GGG is the shopping mall; they have no blame.

So you really do believe in this stuff. You even put fault in quotes. As if it's strange to assign fault.

Also, if there were multiple consecutive rapes at a shopping mall yeah I'm pretty sure whoever managed the mall would come under severe scrutiny and would be pressured by the community at large to get a shitload more security.


It's an extreme example, yes, but it points to the absurdity of just continuously blaming the people themselves for getting hurt by others.

And I do agree with the general premise that it's not GGG's responsibility to protect people's account security completely.

That doesn't mean there couldn't be a lot of additional things they could do to help, though. A number of excellent ideas were already posted in the thread.

1) Two-factor authentication
2) Keeping closer track of items by assigning a unique hash to them on pickup

Here's my own idea:

3) The creation of a "safety code" that cannot be retrieved by e-mail. This code could be used to instantly lock your own account in the case of a bad event.

People might not use such features like 1) and 3) properly but if it stops even one person getting hurt from this maliciousness, it's worth it.

GGG is the bank here. They hold all the cards and all the items, and just like I expect my bank to protect me even if my credit card gets stolen, I also would expect GGG to do their best to protect me if my account got stolen.

Authenticators are something they said they would like, but it'll take a while to put in.

The issue isn't with tracking the items. It's in what to do when you find it as the item won't be on the hacker's account. If it's sold to another person then find them it, what happens? Do you have to delete the item, thus turning Trade into a game of risk? Do we have to revert everything to 'before it happened'? What happens when you buy a 6L white, Alch it, then sell it to another for an Exalt. What happens when the hacker gives it to a friend, the friend gains a level, then GGG finds it? Do they keep the level? What happens when the hacker sells it to you and YOU, who is innocent, gain the level?

Finding the items isn't the hard part. Fixing the effects the stolen items have done is the hard part, as you'd have to manually alter every account affected to remove any advantage the item offered. Meanwhile, Trade has become a confusing place where one unlucky trade could result in suddenly seeing the item you asked for 'reset' or lost items. That's before the hackers start trying to manipulate the system, sometimes just to troll. I've seen them push towards banning players using stolen CC cards and a cash shop gifting system: no gain to themselves, just pain to others.

I'd model it directly after what a bank would do in such a situation.

I'll respond with a question:

Let's say my credit card gets stolen. I do not notice that it is gone for an hour or two. By the time I realize this and have the account locked, the thief has already racked up all sorts of things and then resold the items.

How does the bank handle this? Are the charges on my account canceled? Do I still have to pay for the items? What about the goods? If they are discovered, what becomes of them? Does the buyer get to keep them? Is he compensated for his loss?

Etc.