Page 1 of 3 123 LastLast
Results 1 to 20 of 41
  1. #1
    Community Member
    Join Date
    Nov 2007
    Posts
    21

    Default Do GMs have access to our personal information?

    [Everyone, please keep the discussion civil and on topic, this is important and I'd rather not have the thread cubed]

    Over the past couple days, I have seen friends and guildies log into the game while they were supposed to be "out on mandatory vacation". My first reaction was "woah how did you...!?" but when I brought it up with them, they were as surprised as I was and obviously could not get in the game themselves. The consensus was that some GMs were logging in to put in action their "extreme prejudice" policy that has been stated here on the forums. The accounts are completely locked out to players, so this is clearly not a "hacked" account or stolen password.

    I don't really care what the punishment is for the recent exploit, this is not what this thread is about, but am very concerned about how the GMs are logging in as the players themselves, which brings up many serious questions about own information:

    - Do GMs have access to my username and/or password? If so, do they have access to an encrypted password or plain text? If not, how are they accessing the accounts?

    - Do GMs have access to my real name, home address, email, phone number & payment information? (All available given the information above)

    - What are the limitations for GMs when logging into the game as a player? Can they impersonate the player and communicate (chat/tell/etc...) with others? Can they receive communication from tells, guild chat, general chat or user channels (e.g.: from people who assume it is really the player)?

    - Do GMs have full access to the characters that players do? (Can they play as the character, post LFMs, trade, buy/sell stuff, destroy items)

    And to sum up:

    - In what situations are GMs allowed to access my personal/account information and how can they use my this information?

    - What is Turbine doing to make sure this access is not abused by GMs (I don't expect perfect GM compliance with Turbine policy here, I've played the game long enough to witness many GM infractions, there will always be those that go too far but this goes beyond anything else...)

    Thank you
    - A concerned player

  2. #2
    Community Member kned225's Avatar
    Join Date
    Feb 2011
    Posts
    552

    Default

    Its 2013. Everybody has access to your personal information if they want it!

    I doubt gms would need your actual personal information to log in on your account, but i dont get your concern.

    When you phone pretty much any company with which you're a customer, u talk to some yokel who has all your personal info in front of them

    Why are yokels ok and gms not?

  3. #3
    Community Member Charononus's Avatar
    Join Date
    Jun 2010
    Posts
    5,345

    Default

    If this is true it's pretty sad that they need to log in to delete duped items. That said I'm not 100% convinced that's what's happening yet.

  4. #4
    Community Member
    Join Date
    Aug 2010
    Posts
    787

    Default

    Quote Originally Posted by Qmulate View Post
    1. Do GMs have access to my username and/or password? If so, do they have access to an encrypted password or plain text? If not, how are they accessing the accounts?

    2. Do GMs have access to my real name, home address, email, phone number & payment information? (All available given the information above)

    3. What are the limitations for GMs when logging into the game as a player? Can they impersonate the player and communicate (chat/tell/etc...) with others? Can they receive communication from tells, guild chat, general chat or user channels (e.g.: from people who assume it is really the player)?

    4. Do GMs have full access to the characters that players do? (Can they play as the character, post LFMs, trade, buy/sell stuff, destroy items)

    And to sum up:

    5. In what situations are GMs allowed to access my personal/account information and how can they use my this information?

    6. What is Turbine doing to make sure this access is not abused by GMs (I don't expect perfect GM compliance with Turbine policy here, I've played the game long enough to witness many GM infractions, there will always be those that go too far but this goes beyond anything else...)
    Shortened it and added numbers, so it is more clear what am I responding to:

    1. GMs dont have acces to plain text of your password. Not sure how it works in DDO, but generally (and since the conjoin of forum and game accounts) they should have acces to your username and they should be able to trace you IP.

    2. Not by default. Read EULA.

    3. They can receive any communication (logically, there is no way to prevent it). Ethical code says they should not communicate with anyone under player account. If you are asking about "hard breaks" (mechanisms in place that would actually make communication in game impossible for them), I dont think there are any.

    4. It is forbidden. Take that as you will.

    5. :-) Read EULA. :-) (EULA is that wall of text you agreed with when you started playing this game)

    6. If you are aware of any non-professional behaviour from the side of GM while said GM was logged into someone else s account, you are fully encouraged to file a complain or make a phone call. I assume that as other MMO, I am quite amiliar with from "the other side", Turbine handles this by Ethical code and register of log and activity. Or, whatever it is called in Turbine (they know from where you connected and can trace partially what you did).

    This response is based partially on experience within DDO, but mostly on experience with another MMO, where I had GM access.

  5. #5
    Community Member
    Join Date
    Nov 2007
    Posts
    21

    Default

    Quote Originally Posted by kned225 View Post
    When you phone pretty much any company with which you're a customer, u talk to some yokel who has all your personal info in front of them

    Why are yokels ok and gms not?
    When i phone Turbine, I GIVE them some information and there is the implication that they are allowed to pull up the rest to help me out, I am the one that initiates the need to use the PII.

    A turbine employee randomly deciding to look me up is a very different ballpark!

    If this is true it's pretty sad that they need to log in to delete duped items. That said I'm not 100% convinced that's what's happening yet.
    I wasn't convinced when I heard others say it, but it happened with people I know and can communicate with out of the game...
    Last edited by Qmulate; 10-16-2013 at 10:33 AM.

  6. #6
    The Hatchery Enoach's Avatar
    Join Date
    Nov 2006
    Posts
    4,596

    Default

    While I find it interesting that the characters need to be "Logged Into" to accomplish the inventory cleansing, as a developer/DBA myself I would have used an approach that does not require impersonating the User, I have seen systems that allow "Admin" roles circumvent the Authentication system.

    I doubt that all the GMs have been enlisted for the task at hand, it is most likely a very tight "Strike Force" following specific instructions, which I would not be surprised that it is being documented.

    But if you truly would feel more comfortable with additional information, might I suggest picking up the phone and calling Customer Support. Voice your concerns, and see if they will answer you. If you do not get answers at that level. Consider writing a letter to the company again voice your concerns. Since this deals with an exploit/punishment for exploiting I doubt you will get a direct answer here on the forum.

    Good Luck

  7. #7
    Community Member
    Join Date
    Nov 2007
    Posts
    21

    Default

    Quote Originally Posted by Enoach View Post
    But if you truly would feel more comfortable with additional information, might I suggest picking up the phone and calling Customer Support. Voice your concerns, and see if they will answer you. If you do not get answers at that level. Consider writing a letter to the company again voice your concerns. Since this deals with an exploit/punishment for exploiting I doubt you will get a direct answer here on the forum.

    Good Luck
    I did call customer support and was told that in-game support was handled through a different team and recommended I submit a ticket online. Not sure about other people but I have never heard back from a submitted ticket, so not going to bother (especially since my account is not affected, not sure they could respond). I know Turbine will not comment on the exploit, I don't care about that, I want to know what they are doing with my information.

    In my opinion, this is an important enough topic to be discussed on the forums for the whole community to know what is happening and hopefully hear from Turbine as to what their procedure is

  8. #8
    Community Member kned225's Avatar
    Join Date
    Feb 2011
    Posts
    552

    Default

    Quote Originally Posted by Qmulate View Post
    When i phone Turbine, I GIVE them some information and there is the implication that they are allowed to pull up the rest to help me out, I am the one that initiates the need to use the PII.

    A turbine employee randomly deciding to look me up is a very different ballpark!
    Why would a turbine employee randomly look you up? If you mean in regard to deleting duped items, thats not random

    But yes, i believe they could get your info easily if they wanted it. So if you believe a gm has a vendetta against you and toilet-papered your house, you should probably report it

  9. #9
    Community Member
    Join Date
    Aug 2010
    Posts
    787

    Default

    Quote Originally Posted by Qmulate View Post
    I did call customer support and was told that in-game support was handled through a different team and recommended I submit a ticket online. Not sure about other people but I have never heard back from a submitted ticket, so not going to bother (especially since my account is not affected, not sure they could respond). I know Turbine will not comment on the exploit, I don't care about that, I want to know what they are doing with my information.

    In my opinion, this is an important enough topic to be discussed on the forums for the whole community to know what is happening and hopefully hear from Turbine as to what their procedure is
    Ahem... just out of curiosity (and I dont mean it in a bad way, I am honest here), why do you hink this is an important topic? I mean, yeah, the way may be a little clumsy, but all of this is backed by EULA...

  10. #10
    Community Member Ausdoerrt's Avatar
    Join Date
    Feb 2010
    Posts
    2,010

    Default

    It's also possible that the actions done to the characters require them to be activated/brought online in some way first, which shows them as being online. We'll never know.

    Still, somehow I have a hard time imagining GMs log on to toons and running to the bank to manually delete items from inventory.


    P.S. And yea, the question "why do we care" is quite relevant, and unless GMs were doing something inappropriate to the toons, I'd say it matters none. Since your post doesn't indicate that GMs were actually impersonating the players, I'd say "well, so what".
    "People are stupid; given proper motivation, almost anyone will believe almost anything. ... People's heads are full of knowledge, facts, and beliefs, and most of it is false, yet they think it all true." Terry Goodkind

  11. #11
    Community Member Gauthaag's Avatar
    Join Date
    Sep 2009
    Posts
    1,266

    Default

    Quote Originally Posted by viktorserak View Post
    Ahem... just out of curiosity (and I dont mean it in a bad way, I am honest here), why do you hink this is an important topic? I mean, yeah, the way may be a little clumsy, but all of this is backed by EULA...
    just for the reason protection of personnal data made it to almost every legislative system.

    and as lot of users have their CC credentials connected to their account its legitimate to know who had access to those. u ca call it paranoia - id say better safe then sorry.

    and call me paranoid but uf theres a way someone could log to my account, connect to ddo store and buy tps i d rather know about it

  12. #12
    Community Member
    Join Date
    Mar 2006
    Posts
    118

    Exclamation EULA Change Coming?

    I have experienced this same phenomenon: an on vacation character logs into the game – at first I was like awesome: Hey dude, welcome back! Then they ignored guild chat; then they ignored party invites & /tells. At this point I picked up the phone and called the individual who was beside himself that his account had been hacked. He was unable to log in himself. At the time I did not think to ask which log in error he got, but from the time it took for him to try it seemed more like that it was a ‘Failed to queue for server (0x80004005)’ issue rather than the immediate ‘Username and/or Password provided is incorrect’ error.

    According to the EULA Turbine is not allowed to access your account. Indeed the one time I needed them to do so required specific authorization consisting of the following:
    -required to change my password
    -the last 4 digits of my CC
    -my Date of Birth
    -MY CONSENT to logging into my account
    -an agreed upon time that they would be allowed to access my account
    -required to change my password again upon completion

    As someone that re-uses usernames & passwords this is extremely prejudicial and a colossal security issue. Why can Turbine NOT make a situation worse? Seriously, first you consolidate our public name and game log in and now you are accessing our passwords… Unfortunately Turbine’s typical response will be to change their documentation to permit whatever illicit action they wish rather than actually abiding by their agreements. No way this does not end badly.

    Thank you for bringing this to our attention and confirming my worst fears Qmulate!

  13. #13
    Community Member AzB's Avatar
    Join Date
    Jun 2012
    Posts
    1,556

    Default

    Would it be possible to get the GMs to play my toon and level it a bit for me? Maybe you could sell that service in the DDO store?

    So far, we only have second hand reports from a friend of someone. And this is only happening to players that were banned?

    Probably not anything to worry about. If they start doing this to folks that haven't transgressed to the point of winning a ban for punishment, then it might be a problem. But you're playing in their playroom and you intentionally broke the rules, I'm all for them doing whatever they want with your toon.

    But I'm still unconvinced that this has even happened yet.

  14. #14
    Community Member
    Join Date
    Nov 2007
    Posts
    21

    Default

    Quote Originally Posted by AzB View Post
    So far, we only have second hand reports from a friend of someone.
    This is not a second hand account. Someone in my guild was logged in when I know the account is banned. How can it be more first hand than this? The person being logged in had know idea and has no way of finding out... They can't come on the forums and say "who logged me in" because they can't even see themselves as logged in (but anyone in the guild can and obviously we can see last login times for anyone)

    I would post screenshots and account names but that would violate forum policy on discussing accounts...

    And this is only happening to players that were banned?
    That's the whole point of my thread. I know this happened because I know the account was banned, I am posting this thread in hopes that Turbine can clarify their actions and let us know in what other situations this might happen.

    If I didn't know the account was banned, I would have never thought it wasn't the real player and i would have never let him know. This creates a potential situation where all our accounts are being accessed without our knowledge with very little chance of us finding out, so I posted the questions in the OP hoping someone can help us out with some info...
    Last edited by Qmulate; 10-16-2013 at 11:24 AM.

  15. #15
    Community Member Ykt's Avatar
    Join Date
    May 2013
    Posts
    652

    Default

    "Extreme prejudice" = Turbine Gm will log into your account and purchase 5x $200 TP bundles.

    When you complain, they will say you did it yourself.

  16. #16
    Community Member
    Join Date
    Aug 2010
    Posts
    787

    Default

    Quote Originally Posted by Gauthaag View Post
    just for the reason protection of personnal data made it to almost every legislative system.

    and as lot of users have their CC credentials connected to their account its legitimate to know who had access to those. u ca call it paranoia - id say better safe then sorry.

    and call me paranoid but uf theres a way someone could log to my account, connect to ddo store and buy tps i d rather know about it
    Turbine is not a country with strong democracy system that values human rights. Its a company and you gave away most of yours "personal rights" (lol) by agreeing to EULA.

    Also, by default, GM does not have acces to your connected credentials.


    This entire response actually assumes that GMs are logging into someones accounts in the first place. No one brought any evidence of it so far.

  17. #17
    Community Member
    Join Date
    Aug 2010
    Posts
    787

    Default

    Quote Originally Posted by Ykt View Post
    "Extreme prejudice" = Turbine Gm will log into your account and purchase 5x $200 TP bundles.

    When you complain, they will say you did it yourself.
    http://i0.kym-cdn.com/photos/images/...29/9189283.jpg

    You are funny.

  18. #18
    The Hatchery Hoglum's Avatar
    Join Date
    Jul 2010
    Posts
    603

    Default

    Yeah, I got home from work yesterday and there was a GM rummaging through my closet. He stole six dragon scales and tuxedo I had in there.

    Another one who looked just like me was making out with my girlfriend on the couch. She was telling him how great it was that I finally learned how to turn her on.

    It was pretty sad. I asked the GM what his secret was.

    He helped me out so I'm pretty glad this expoit happened. Special thanks to the Turbine GM's!

  19. #19
    Community Member kned225's Avatar
    Join Date
    Feb 2011
    Posts
    552

    Default

    Quote Originally Posted by Gauthaag View Post
    .

    Call me paranoid but if theres a way someone could log to my account, connect to ddo store and buy tps i d rather know about it
    Im having trouble thinking of reasons a gm might wanna do this...

  20. #20
    Community Member
    Join Date
    Aug 2010
    Posts
    787

    Default

    Quote Originally Posted by Hoglum View Post
    Yeah, I got home from work yesterday and there was a GM rummaging through my closet. He stole six dragon scales and tuxedo I had in there.

    Another one who looked just like me was making out with my girlfriend on the couch. She was telling him how great it was that I finally learned how to turn her on.

    It was pretty sad. I asked the GM what his secret was.

    He helped me out so I'm pretty glad this expoit happened. Special thanks to the Turbine GM's!
    I was supped to go onto family dinner. But GM hacked my account and went there instead of me. Also, Another GM, who took my look onto himself as well, went inti my work instead of me. I would like to continue, but another GM is going to type stuff into forums instead of me.




    There is nothing to fear about. Move along. Now.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

This form's session has expired. You need to reload the page.

Reload