Petition for Hacker's characters name release.

I'll just post my reply to Gaile Gray direct from the 'About Account Security' thread. Its all pretty self explanatory. If you want to join the petition, please reply stating your support to this thread itself, one post per person is more than adequate. Thank you PS: I will be thinking of ideas for appropriate action to be taken should ANet not do anything in the case of support reaching a sufficient level... but I welcome any and all arm twisting tactics the community can come up with.

Copied direct :

I'm personally starting a petition to get the names of these hacker's released. There is no definable justified reason to keep their names from the community. All you say is "a bad idea", Gaile. Forgive me if that doesn't quite cut the mustard...

Releasing their own account names, or preferably (since their account names are not of interest to me, or non-hacker scum that proliferates the rest of the community currently interested in this topic and the issues relating to it) their character names, would have many benefits but i'm just going to list a couple for your perusal before I get the ball rolling :

1) Firstly, there is the question of morality. How dare you assume you have the right to keep the names of these £"$%&!$*'s who are doing this from a) the people whose accounts, time, and sense of security in playing GW have been stolen from. Quite astounding. B) secondly, throwing an undeserved veil of anonymity around them from all the people in the GW community who, though not violated themselves personally yet, run the risk and take the chance every day they hold a GW or PlayNC account of having their hard-earned items and possibly even their long-laboured characters' taken from them.

I think you are a little outnumbered in regards to the amount of people playing GW that are at risk, juxtaposed with the few numbers of people in the ArenaNet organization who are charged with making these decisions. Far far outnumbered. Also, it stands to reason that no member of ArenaNet themselves (that play GW, for any particular reason) have had 'their' account stolen... so, furthermore, one might surmise that noone in ArenaNet has the right to even contribute to the decision making process of whether or not these person's names are wrongly withheld, or otherwise.


2) Secondly, there is the matter of prevention. Yes, it is required and right (not particularly 'good', as some have stated) that you fix this problem from a technical and logistical standpoint. After all, people who feel little security when playing a game in regards to the acheivements, equipment, and progress that playing it earns them, aren't going to be particularly encouraged to hand over more money to NCSoft for the right to experience new chapters. However, have you ever head of something called a "deterrent"? Incase you don't, let me paste a synonymous defintion for you Gaile :

- A retaliatory means of discouraging enemy attack."

Anyone with a brain cell can probably see where i'm going with this... if the names of these hacker's (if they even have the skills to earn that designation) own character names were revealed to the community, the 'deterring' effects of widespread rejection from groups, trading channels, and most likely the deserved emotional backlash they would reap would be immediate, unmitigated, and of which we are damn sure : effective.

Basically, this keeps happening because you keep it under wraps, unfairly. You say "people are being dealt with", but other than your word (which to be honest, by itself, is vague... and non-committal) we have no idea what kind of justice or penance they will be required to give to make amends. For all we know, they get a 2 week to 1 month ban, or something equally impotent, just to make sure you don't lose a valued customer for the next expansion. Noone is being made an example of, publicly, which in my opinion... and the opinion of many other's, is one of the main -contributing factors- to account orientated misdemeanors being so proliferant. I mean, come on... this thread had like probably 30 different people post in it, and at least 5 of those 30 that bothered to respond were victims of such account violation.

As such, I shall soon be starting a petition if I perceive enough support (with appropriate consequences should inaction be favored despite sufficient numbers of supporters who desire some real, tangible, and transparent consequences for this sort of behaviour), for some real action to be taken, action that will have some real effect, and send a real, papable and obvious message to any other currently active account hacker's in the community, and to any people currently having 'ideas' about following in such steps.


- Tremere

Before it gets locked...

Lets just say, from a company stand point, releasing their names makes no sense.

With my "hackers" name, there was no character name to release, they got in from my PlayNC account. You could release their IP, but I'm pretty sure that would be unlawful... and well, what about the falsely accused?

Think about it kid,
Do you think it would be good Business if there was a Link on the home page for Guild Wars titled "LIST OF HACKERS" with a page full of character names?
Wouldnt it just be easier to ban "hackers", rather then leave them unbanned?
Does Arenanet even Care? When my account got hacked i had to go through hell to get my account back, and to make things worse, the hacker PM'ed me a few days later taunting and teasing me, ADMITING he had accessed my account and deleted my characters and cleaned out the bank, Took SS, sent in to ANET and what do ya know "We are investigating" 2 months later, the kids still playing o_O

One big flaw of this, who's to say that the hacker's account isn't a hacked one and belongs to someone legit? In this case, naming that account does nothing to the hacker himself since all he has to do is discard that account and viola! Problem solved. On the other hand the legit owner of that account is now screwed. Knowing the hacker's account/character names in this case does little to no use and could be hurtful to legit account owners who were hacked. Would suck majorly to get back a hacked account only to find that it is now a named hacker's account.

I agree with this bit, how would it look to a new player or someone considering playing to see this big old list of hackers? It would give many pause about playing the game for fear that they'd be hacked. I really think it's better we let ANet deal with them quietly.

-- Again, you are not reading what im saying. We do not care what is in the interests of ANet, ANet will take care of its interests more than enough for itself, its a corporation after all. This is a thread for the interests of the community... and that INCLUDES those new players... which have a right to know if there is such a bunch of hacker's who have been able to compromise security on GW.

You all are just basically reinforcing all my previously stated arguments.

So for that, at least, I thank you


- Tremere

Name and Shame might be a way of deterring, but it has HUGE legal implications which makes it unworkable.

If Guru allowed them to be posted, in some countries they would be liable for any damages from any libel or defamation case that was bought before them. I doubt guru has the resources to fight just one of these cases so as objectionable as it is keeping them off the public forums is for the best,

Now if someone else wants to set up a name and shame site then good luck, but be prepared to fight or stave off several legal threats a year..

Same goes for Anet. Do they want to stave off legal action or use the money they would spend on lawyers on the game.

The days when any website can publish any information they like without fear of legal reprisal are long gone.

Think about it. AN publishes a list of names, we've seen they can make mistakes(banning the wrong people etc) and puts a name up.

Said person reads list, knows it's defamatory and libellous and files an action(maybe class action) against AN. AN would have to either take the name down and offer reperations(thus leaving the door wide open for more) or go to court and spent hundreds of thousands of dollars fighting it.

Tremere,

It doesn't make sense that they would have the hackers characters name. They don't hack using their character names (which can be deleted, and thus reused, causing even more problems), the only knowledge Anet has of these hackers is an IP. Because the common hacker steals many accounts, it would be almost impossible for arenanet to tell which account is that of the actual hacker.

We are talking about in the case of there being adequate proof to support any such name's being published. As for the money they would spend, I really don't care.


- Tremere

As it is if its hacked into via plaync they DO give you the IP... When someone tried to hack my husbands account over and over they did give the IP each time the attempt was tried (9 times to be exact). What I wish they WOULD do is when you contact them that these were unlawful hacking attempts that they would ban the IP or at least try to look into it rather than telling you your password isn't good enough.

Here here

Corporate self-interest at its finest :P

Seriously, as stated anyone caught of doing this will have their account banned. Therefore, having their character name won't do you any good. They'll be unable to login to face your wrath.

I've reported people for scamming and then 2 days later logged in and typed their name into my friends list to see if they ever logged in again. Surprisingly I was unable to do so because their character name did not exist. If people get perma banned for scamming I think stealing accounts might at the very least merit the same result.

At the very least I think Anet should take legal action against anyone found doing this. They can then pay out the reparations won (if any) from such action.

Honestly, it could be solved really simple:
Treat it like every other online thing ever.

Want to reset your password? Sure, we'll send you an email. Please confirm it, and we'll let you. Or heck, we'll send you a temporary password in your email.

It's all well and good releasing the names of these people, but in doing so, it crosses a line. Once that privacy has been shattered, where do you draw the line? Say someone scammed someone else, their name could be put up there. Then say someone made an honest mistake and managed to grab something supposably very expensive for a few gold and was reported as a scammer.

These are some basic examples, but nothing is purely black and white.

Define adequate? Had my name been up there I would want a court to decide what was adequate or not

I care where AN spends their money. I would much rather it go on the game than on lawyers(apologies to any lawyers here)

Of much more concern is the no restoration of accounts policy. Now that is an additon to the store I would welcome. Pay say $50 and it buys you insurance against deletion, add in a character lock feature where to delete it requires an email auth. These are all simple changes, that combined with user vigilence would make GW a much safer place.

Back to the topic in hand. An will never release names as
1. The Legal exposire is too great
2. It would contravene several countries data protection laws
3. They would rather put resourses into game development than legalese.

Firstly, you cannot add someone to friends if they are not online. So that doesn't necessarily mean their account has been banned or deleted. Secondly, if you yourself have been put on ignore by them (a common tactic) then they will appear offline to you, and consequently, i doubt you'll be able to add them to a Friend's List either.

As for your second part :

"At the very least I think Anet should take legal action against anyone found doing this. They can then pay out the reparations won (if any) from such action."

I fully agree with everything you have said. Now we are getting somewhere people


- Tremere

You can add people to friend's when they're offline.

Pretty much, and any user engaging in unsavory activities knows how to hide IPs. Hell, I change my IP daily just by restarting the cable modem.

I don't understand what any of this accomplishes anyway. It's just a useless list of names to throw people a bone?

Any honest gamer would of tried to rectify such a mistake in short order, and therefore could prove (or the accusing party consequently 'couldn't prove otherwise) their innocence. Accident's happen all the time, but i think you people are exaggerating the issue of how often it is hard to judge the difference between an honest mistake and a real crime. I pick up ecto's in UW by accident, honest mistake... while doing 50/50. You know what? I drop the extra ones if i've taken too many. People understand that, and I don't get reported do I. That happens to everyone, all of the time. This really has nothing at all to do with the issue being discussed.


- Tremere

Actually you can I just logged in and added someone who wasn't online. And I have added people in the past that have had me on ignore. So........

I hate hackers and all but I also think it's a legal matter - not one I personally have to deal with, someone with authority deals with stuff like that or.... the terrorists win

There are far more ways to identify a user than IP's. If you know anything about the internet, you would know that. As for what a released list of hacker's character's names would accomplish, please see the opening post of the thread. Thank you

And there's plenty of ways of circumventing those identifiers as well, but you must have known that as well.

I read the opening post a few times. I didn't find any reason except to just throw you a bone.

Thats all fine and great but it doesn't do much to the person who tried to hack your account even tho they do have the IP (granted it could be a cover IP but its a lead none the less - heck I tracked the one to someone in our area, but couldn't get any further than that).
My husband is pretty careful with his passwords.... I mean heck its just long enough not to be easily crackable (thankfully).

While I don't see that releasing names would do any good other than to promote legal fiascos there ARE things that they could do that wouldn't. I mean it doesn't take much to track these things down if you have the knowhow and yes I do know it would take a lot of manpower. But if they ran across the more easier ones why not ban or block that IP? Or heck in some cases the woodbe hacks are not even smart enough to not use a random IP or to make a fake email addy... At least THREATEN them with legal action.
However catching your more talented hackers is not as easily done and would likely turn into much more hassle than its likely worth.

In the end I don't the best way to stop these hax0rs but there has to be something more that can be done for those getting their accounts ripped off. >_<

Perhaps the stupidest thread I've ever seen!
I mean that seriously

There is no vaild reason for Anet to release names and a millions $ worth of reason not to!

Lets count the reasons why!
1) Legal. Federal, International. All kinds of laws would rain firey hell upon Anet.
2) On going investigation.
3) Privacy, both haxors and Hackees. Don't give me that once you commit a crime you loose privacy BS.
4) Moral. What will knowing the names of the attackers do? Insight voilence, See implication 1.
-Let you slander there name all over your LJ...Myspace
-Have you track them down and give them a stern talking too!
-Tell you dad so he can go beat his dad up!
5) Company policy and precedent. Next you'll wanna know the names, IPs and personal details of every bot or spammer.
-Not to mention negating a companies privacy policy. Hackers names is only a short step away from the person who was hacked, think of the implications.


Anet changed there procedures and are adding new features to prevent this.

If it's Your security your worried about. Don't be stupid follow there advice. Don't use a public account addresses. And other suggested security features

Now a question to the OP, What would you gain from learning ther names?

Well did YOU think before posting?
Don't discard other persons opinions by simply saying "think before posting" just because they don't share your point of view. I'm quite sure all of them have put a lot thought into their posts. So please, refrain from subliminally calling someone an idiot by stating they didn't think before they posted.

About the idea itself. Just don't do it. For some Scriptkiddies this won't be a Hackerlist but moreover a Hall of Fame they can brag and enlarge their E-Ego with. Just a similiar example, there was a game that didn't have much problems with the random PVP it allowed. But one day, the company decided it would be a good idea to activate a PK Hall of Shame. Guess what? That very same day the whole game became pure forced PVP with people aiming for the Hall of Shame Top 10.
Another example, there are several rate an image websites out there. And you will allways have the odd one out that aims for the lowest possible score to get into the hall of shame.

This is the same with your published list. It's a MOTIVATION to hack someone else's account for some sick kiddos. Instead of seeing less hackers, you will see a lot more. And yes, this post had a lot of thinking before i posted.

Tremere one thing you do have to realize is that some hackers are underage and even when tried in a court of law they cannot give the press or general public the true identity of the hacker.
Honestly even though your cause is great and so many of us would like to see something done - maybe an account lockdown after 3 attempts or something until the email account holder can verify the attempts - banning of the IP once the company has been notified that it was indeed someone trying to hack...

Even with these things there is not any real way to guarantee safety for us other than following the guildlines - there is no way that they could go about telling us names (even character names) that might bring some legal crap in it for them that likely would result of yes invasion of privacy since hacks are so very hard to prove.

For the most part that is what the general public is yelling. There are little things they can do to help like those I've suggested but beyond that we have to do our best to protect ourselves, so try to understand why people are going OMG IDIOT! (and most of them typically don't read an entire thread so chances are my posts were unviewed as many just read your opening argument before starting their tirade).

If there is anything beyond what a few of us have suggested then I wish for it to be implimented.

"Don't discard other persons opinions by simply saying "think before posting" just because they don't share your point of view. I'm quite sure all of them have put a lot thought into their posts. So please, refrain from subliminally calling someone an idiot by stating they didn't think before they posted."

I actually write "Think before posting" when it is obvious from someone's comment that they haven't read one of my previous points, or quite simply say something really dumb, like Sekkira, for example.

As for your other point : "It's a MOTIVATION to hack someone else's account for some sick kiddos. Instead of seeing less hackers, you will see a lot more."

Obviously the community playing that game had alot less backbone that the GW one, and backlash against the Hall of Shame entrant's was pathetic, unsustained, and impotent... which is not the sort of reaction i think GW account hacker's would receive... at the very least, from people whose accounts have been hacked, and the people that know them aswell.

So... err... oh yeah : "Think before posting."

Teehee

Internet security issues are usually a bit difficult for common players. Proper password should be easy enough but necessary updates to the operating system probably aren't. I would suggest Anet to lock each account to certain IP-ranges by default so at least it would close unauthorized usage from foreign countries even if you get a dynamic IP. The problem would be to find out what IP-ranges each ISP is using at the player's region so it won't get locked when your ISP changes your IP.

Revealing the names of account stealers just creates more hate and doesn't really solve anything. They have multiple accounts and usually won't steal accounts so that they can play the game but use them as bot accounts or do something else which has risk of being banned. So at the end there would be just a chance to have innocent players to the black list. Player communities can't handle things like this reasonable enough. Chances for abusing are obvious.

I agree, any radical idea's and approaches to fixing problems are usually met with resistance until the required level of research and effort is put in to making them workable and the real tangible effect they have can be seen, consequently changing people's opinions over time. I am, and was, prepared for all of this. It doesn't change much at all, fortunately.


- Tremere

i do not understand the sense of this petition.

someone hacks your account and destroys everything for the pure fun of it.
the hacker doesn't have to be a legal customer at all.
what account name do you give to public. there is nothing.

if he transfers the cash and items to a legal account you can't be sure
that it isn't an innocent player/guildmte that is abused for the transfer or disguise when he hacked multiple accounts to cover his tracks.
when such a list is public after the first day you can be sure that every hacker will cover his trck very carefully leaving only innocent people on the list.

determine the ip address for sure is not possible.
a) the hacker can have a dynamic ip address
b) the hacker can spoof an ip address
c) the hacker can ask his provider to change his ip address if he has a fixed ip (giving the reason that he is a victim of DOS attacks
d) the hacker can set up a proxy
c) since gw works on every computer that is connected to the internet he can use the inet connection of someone else for his attacks.

/notsigned bc senseless

Tremere, of the 42 posts in this thread (this being the 43rd), you stand for 17 of them. This thread is two hours old, that means you've posted more then once every 8 minuites. Give it a rest, let other people discuss the topic at hand before you shoot down their arguments. You don't even take the time to think about what others have written before you post an answer to it.

Sorry my patronising-ometer just went off. Some EULA's have been upheld in court. The BnetD one for example. However this was to do with reverse engineering, not privacy. To my knowledge the right to privacy is a fundimental right in most nations so for AN to broadcast such info would be inviting law suits from the EFF to class actions. For example the EU constituion has in it several clauses that guarante an individuals privacy. I can really see AN having the money and will to fight that one

Companies HAVE to have a privacy policy, not having one is bad mm'k, this is especially true in Europe where US companies need to abide by safe harbor agreements in order to export data and products to and from the US . Breaking it is also bad news. Those safe harbor agreement mean you cant just put in 'we have the right to name and shame who we like, so long as we(in secret hidden away) have done the investigations

In this case all AN's EULA does is help provide mitgation for any action taken against it. However to test those mitigations requires a court case. Which can and would get messy and expensive.

Dude, please face the facts. It's not defeatist it's how it is. In an ideal world everything would be hippy trippy happy and we could say and post what we darn well liked. Back in the free and easy days everything was just given away and no body minded, yipee.

We Aint in Kansas anymore.

Throwing out some random numbers and statisical analysis of my posting pattern doesn't mean much other than prove my interest and concern over the issue. People can post when and how much they want to. No offense, but i started the thread, and the fact that people are discussing could be traced back to me raising it. I read every post, and all i've replied to i have thought about, thanks. If you are scared of my responses, maybe you shouldn't post either. Many thanks for your contribution


- Tremere

It does more than prove your interest and concern, it proves everyone else's lack of interest and concern. This will be the 47th post and not a single person has agreed with you so far, doesn't that say something about your 'petition'?

Post that section of the EULA.

Then Dictionary.com for assistance Re: Guilty.

Wikipedia for information about international laws related to digital offences and internet laws and regulations. And possible other links.

A indepth understanding of legal proceeding and you'll be in the realm of sanity.

Once/If there found guilty in say 5-7 years, remembering you can appeal.
You might get your list, If and this is just a big IF now. Someone in Anets legal department doesn't get around to explaning the legal implications of suppling their names with out permission.
And more so for the intent you have.

Important thing to remember. And I'll post it so you understand.

Legal Justice defeated EULA. +25 faction for Justice.

Get real, please. Ironic you would post that!

/signed. To close this thead and burn the digital media preserving any traces of this insanity.
Petition to release the names of Stupid forum posters, currently increation! (THATS A JOKE, Otherwise I would have to add me own name to the list!)

Flames aside, not even GuildWarsGuru.com allows people to announce the name of scammers. I think the counter-arguement has been made clearly in this thread and this will not be happening. So it's being closed.