Post by lethann on Jul 23, 2008 10:11:45 GMT -5
We want you to be comfortable using and playing AF with your friends. So now I am asking you, as a member of our community, how would you like this feature to work in Aurora Feint? We want to make everyone feel comfortable so we intend to change the community feature in another update very soon. We'll take the idea that most people like here, and that seems to make the most sense, and change the community feature accordingly. Honestly, I can see why you wanted to make it easy to use, but I had an issue with the community feature as soon as I looked at the page and it asked me for my phone number. I -never- give out my cell number unless it's directly to a friend or family member. Now that telemarketers can call your cell phones legally I'm even more careful about where I put my cell number. Why can't AF be like any other game and have a username, password, and email address? The collecting of the contacts, well, I see both sides, but with everyone being paranoid about privacy issues (often unnecessarily so) I wouldn't have chosen that route. I'd just have people manually add their buddies using their username or email address. Or if you wanted, if this is even possible with the iphone, pull up a list of email addresses from the contacts, the user then checkmark which buddies they want to add, and go from there. That way it doesn't 'store' the information and the only information that gets sent to the server is what someone chooses to send. I don't really like that one because I have a lot of business contacts that clutter up my addressbook and is pointless to have to dive through them to find my friends. As it is right now, I'd rather have the community feature pulled until the game is actually stable. Fixing the crashing issues (which I know could be due to the crappy iphone code) and more importantly making things like inventory and equipping items actually useful would be much more fun for me than the community feature hands down. 
I really love this game and am looking forward to seeing what it becomes.
Post by lc on Jul 23, 2008 10:16:57 GMT -5
OK, nice game, but horrible security and privacy architecture. Security and privacy are important, and it seems clear that you didn't give it adequate consideration. I'll offer some quick advice, but you need to go read up on this topic. I suspect a lot of iPhone developers need to read up on it. I'd start with "Software Security: Building Security In" by Gary McGraw. OK, my strongest recommendation (and the only way I would use your game) is to never send email or phone numbers for your contacts over the network or store them on your server. Never. You don't need to, and it is a privacy and security risk. I don't care about whether or not you use https. Never do it. Instead, take some arbitrary string (e.g., "Aurora Feint"), append a phone number to it, compute a SHA1 hash of that, and that gives you an identifier for that phone number you can send across the network and store on your servers. For people who opt-in, you can compute SHA1 hashes for all the phone numbers and emails in their contact list, and send just the hashes to your server. This will allow you to determine on your server if anyone in the user's contact list is also registered, but won't leak much of any other information. If you want to be really secure, take it an extra step: Don't hash or send individual phone numbers or emails. Instead, do it only for pairs. For each contact, sort and append the phone numbers. For example, the player has the phone number 555-123-4567 and a contact has the phone number 000-324-1245. Append them in sorted order, giving the string Aurora Feint:000-324-1245:555-123-4567 and compute the SHA1 hash of that and send that to the server. If two players send in the same hash, that means that both know each other. However, by only sending in pairs, you can't even figure out how many people two players know in common. I completely agree. That is, if you want to make the process automatic. 
The fun part of making it automatic is the "hey, I didn't know Michael played the game too!" effect. But the standard way to do this is to have people create a friend list and add people. Whether they manually search by character name, account ID, or phone number is up to them, but the real key is the manual bit. Or have a button "check against iPhone contacts database" to check everyone. This shouldn't be automatic unless the user OPTS IN to the service, fully aware things are getting sent. That, and you should hash it as stated above. Don't send things plaintext in the clear, first off. And second, there's no reason to store things that aren't one-way encrypted on your servers for any length of time, just in case. Due to the way you're handling this, I trust you, as developers, didn't mean any harm and never thought of taking this information and using it against us. Unfortunately phishing and identity theft are real problems in this world and we cannot assume people are benevolent with our data.
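The hashing scheme lc sketches above, written out as an added example (this is not code from the thread or from the Aurora Feint developers). It uses lc's exact conventions: a constant prefix "Aurora Feint", a per-contact hash of prefix plus number, and a pairwise hash of prefix plus the two numbers in sorted order, so that the server only learns a match when both players uploaded the same pair. The player names, phone numbers and contact lists are constructed sample data. One caveat lc's post does not spell out: the space of phone numbers is small and the prefix is public, so a single-number hash can be reversed by simply hashing every possible number; the pairwise form makes that enumeration much larger but still does not turn the hash into a secret, so the server should still hold these values no longer than it needs them.

```python
import hashlib

# The arbitrary prefix lc suggests. It is a public constant, not a secret key,
# so it only separates this app's hashes from other apps' hashes.
SALT = "Aurora Feint"


def contact_hash(phone_or_email: str) -> str:
    """Identifier for one contact: SHA1(prefix + value). Only this leaves the device."""
    return hashlib.sha1(f"{SALT}{phone_or_email}".encode()).hexdigest()


def pair_string(a: str, b: str) -> str:
    """Canonical string for a pair: prefix, then the two numbers in sorted order,
    so both parties build the identical string whichever side they are on."""
    lo, hi = sorted((a, b))
    return f"{SALT}:{lo}:{hi}"


def pair_hash(a: str, b: str) -> str:
    """Pairwise identifier: SHA1 of the canonical pair string."""
    return hashlib.sha1(pair_string(a, b).encode()).hexdigest()


def client_upload(own_number: str, contacts: list[str]) -> set[str]:
    """What an opted-in client sends: one pair hash per contact, never a number."""
    return {pair_hash(own_number, c) for c in contacts}


def mutual_contacts(uploads: dict[str, set[str]]) -> set[tuple[str, str]]:
    """Server side. uploads maps player id -> set of pair hashes that player sent.
    Two players match only if both sent the same pair hash, i.e. each has the
    other's number. The server never sees a phone number and cannot count how
    many contacts two players share beyond this one-bit answer."""
    first_sender: dict[str, str] = {}
    matches: set[tuple[str, str]] = set()
    for player, hashes in uploads.items():
        for h in hashes:
            if h in first_sender and first_sender[h] != player:
                matches.add(tuple(sorted((first_sender[h], player))))
            first_sender.setdefault(h, player)
    return matches


# Constructed sample data (hypothetical players and numbers, not real ones).
# alice and bob have each other's numbers; carol has alice's number but alice
# does not have carol's, so carol's pair hash never finds a partner.
SAMPLE_UPLOADS = {
    "alice": client_upload("555-123-4567", ["000-324-1245", "555-000-0000"]),
    "bob": client_upload("000-324-1245", ["555-123-4567"]),
    "carol": client_upload("111-222-3333", ["555-123-4567"]),
}

if __name__ == "__main__":
    print(pair_string("555-123-4567", "000-324-1245"))
    print(pair_hash("555-123-4567", "000-324-1245"))
    print(mutual_contacts(SAMPLE_UPLOADS))
```

Running it prints the canonical pair string from lc's example, its SHA1, and the single mutual pair `{('alice', 'bob')}`; carol's one-sided entry produces no match, which is exactly the property lc describes.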
Post by causeimawesome on Jul 23, 2008 10:19:54 GMT -5
I think that if all the data were secure and you had the option whether or not you want to import your contacts, that would be useful, or if you could pick and choose which contacts to import if you want. Personally, I have no problem with it all being sent to my friends list. I just hope this gets put back up soon; I never got the chance to download.
Post by alduin on Jul 23, 2008 10:20:00 GMT -5
Yeah. How dare people suggest ways to improve the security model of the game so that more people would like it and not have to worry about sending the contact information for all their friends, family, and business associates to some random server on the intarweb?
Post by aybara on Jul 23, 2008 10:22:00 GMT -5
The part that most people seem to miss here is the fact that the Community Feature was COMPLETELY and UTTERLY an OPT-IN feature. If you didn't 'opt-in', none of your stuff was sent anywhere. If you 'opted-in' without knowing what you were signing up for, then you need a little more schooling in Life anyway. In my contact list I have family, friends, and numbers of businesses I use but don't want to memorize the numbers. I opted-in. Now, if my family and friends started getting spam calls or e-mails about Aurora Feint, I might get a tad upset. At this point, don't let the community features get in the way of the game. If stripping them for now means that you can get it back on the App Store and patched, do so. The Community features can be re-added at a future date.
Post by lc on Jul 23, 2008 10:35:26 GMT -5
The part that most people seem to miss here is the fact that the Community Feature was COMPLETELY and UTTERLY an OPT-IN feature. If you didn't 'opt-in', none of your stuff was sent anywhere. If you 'opted-in' without knowing what you were signing up for, then you need a little more schooling in Life anyway.

Yes and no. You're missing the point here. If I enter my phone number and email, of course I expect it to be sent. And it might even be stored somewhere. Fine. I would like it to be encrypted in transit and on the server, but whatever. What I don't expect, however, is the entirety of my contact list to be sent as well. In plaintext. And STORED ON THE SERVER for who knows how long. Most software I'm familiar with first asks to confirm before IT even has access to your contacts list, let alone before it sends it. There was no confirmation and no explanation as I saw it for what was happening. Some people liken this to Facebook's find-a-friend feature. It looks in your AIM or Gmail account contact lists for friends. I assume it doesn't store these contact lists or your password after it's through searching (but you never know). I detest the idea of giving site A my password to site B, so I've never used the feature. But the fact that it asks for a password is looking for a confirmation. You know what it's going to do and you hope it doesn't save the info. It might even state that it doesn't save the info. This is a problem with the iPhone toolkit as much as anything else. It should have built-in security where the first time an application wants to access your data it prompts you. I honestly blame Apple more than the developers for this oversight; however, the developers should also have our privacy and security in mind (which is I think where this is going). It's a great feature in my mind, but it simply needs to be implemented right.
Post by boboli on Jul 23, 2008 10:43:38 GMT -5
Thought I'd chime in with my 2 cents. Though I play on a touch, I do sync my contacts, so the copy/transmission of that data would irk me. As I'm more into the single-player RPG element of AF, however, I've never considered inputting my info to find my friends.
Regardless, I think it'd be a good idea to program an option to exclusively play offline, so that there is never any worry of any kind of transmission of my personal info. In regards to all the attention on different blogs about AF, and the pulling of the app from iTunes, I think it's what should have happened. While the developers may not have had a malicious intent when programming the community features, they did fail (by their own admission) to take appropriate measures to safeguard our private info. While it's convenient to claim that time constraints and unforeseen popularity were at fault here, none of that is important right now. The current situation demands a remedy. So here's to hoping a fix comes soon. I still support AF and the developers. You guys have got a great thing going here. Now to move forward and do it right.
Post by aybara on Jul 23, 2008 10:43:53 GMT -5
The part that most people seem to miss here is the fact that the Community Feature was COMPLETELY and UTTERLY an OPT-IN feature. If you didn't 'opt-in', none of your stuff was sent anywhere. If you 'opted-in' without knowing what you were signing up for, then you need a little more schooling in Life anyway. Yes and no. You're missing the point here. If I enter my phone number and email, of course I expect it to be sent. And it might even be stored somewhere. Fine. I would like it to be encrypted in transit and on the server, but whatever. What I don't expect, however, is the entirety of my contact list to be sent as well. In plaintext. And STORED ON THE SERVER for who knows how long.

Do you sync with MobileMe? It is sent. Hell, it is pushed to your phone on a regular basis. Do you know for a fact that Apple encrypts it? Or are you just assuming they are smart enough to do so? I've also said that I agree the community feature can and should be removed until everything is ironed out. It shouldn't taint an otherwise stellar game. I am willing to give the Devs a break; this is their first attempt at this. They added what they thought would be a neat feature, and I honestly think it was blown WAY out of proportion in the article that was linked here.
Post by shmore on Jul 23, 2008 10:48:49 GMT -5
I joined the forums just to post in this thread. First, kudos for creating such an addictive game and releasing it for free no less! Now, the privacy issue is a big problem. I do believe you made a newbie mistake and there was no malicious intent on your part. However, as my other IT brethren have pointed out, you should remove the community code *completely* for now and bone up on security best practices. I understand how it can be a huge pain but in today's world it is VERY necessary. Looking forward to the update.
Post by socom on Jul 23, 2008 11:07:10 GMT -5
I would like to start off by saying I love the game. However if I read your post correctly I do have a problem with you downloading my whole contact list to your servers (encrypted or not). I understand your reasoning behind this, however, some of us are using this also in a corporate environment and cannot have that information floating around.
This game is great; however, honestly the documentation has been fairly limited in how it all works, and quite honestly we should not have to search through forums to find out whether or not you are downloading contacts. To this end, if we Opt-Out, will you delete all references to all of our contacts? (Again, not because we feel you would use this in a bad way, but because there are a lot of people that will, and now that this is public knowledge, I would guess someone is going to try to gain access.)
A couple final points and requests.
A) Please remove all of my contacts you have stored immediately.
B) I would agree that for now, you remove that feature and release the game.
C) I would suggest that though your idea was great and convenient, in no circumstances would I personally ever want my contacts on your server (unless I specifically selected certain ones to play the game with). My suggestion would be "add friends by phone number" (since emails change). However, you could use emails or our UserIDs from the site and we add our friends that way. No other information is needed.
D) As with everyone on this site, my wife and I love this game. You have done an amazing job in such a short amount of time and as such we would be perfectly happy to pay $3.99 or whatever the going rate is.
E) Add or show us how to Opt-Out and confirm that all contacts related to our account will be permanently removed.
Thank you and I really do look forward to your next release of this game, free or paid.
Post by shul on Jul 23, 2008 11:19:21 GMT -5
I joined the forums just to post in this thread. First, kudos for creating such an addictive game and releasing it for free no less! Now, the privacy issue is a big problem. I do believe you made a newbie mistake and there was no malicious intent on your part. However, as my other IT brethren have pointed out, you should remove the community code *completely* for now and bone up on security best practices. I understand how it can be a huge pain but in today's world it is VERY necessary. Looking forward to the update.

Very nicely said! I agree! So, I suggest that Danielle & Jason will take an active part in this thread.
Post by eliu87 on Jul 23, 2008 11:23:55 GMT -5
The problem with this entire community feature is it, in some way, requires you to enter some personal information to identify yourself! Even if you simply had to enter your friend's phone number, what if your friend doesn't want his phone number on AF servers? You still have a problem.
So unless it's totally anonymous, like you log on to an AF server and you are identified only by the Character Name, the Community feature will always be criticized by paranoid people. For now, I would agree with many people to take the feature off and release the update. I would think a simple solution though, would be to keep the feature as it is, and add a checkbox that you have to tick (similar to when you're installing something, it says 'I agree to the terms and conditions.'), and the box would say 'I agree, by using the Community feature, to upload the information I have provided above, and to upload the contents of my entire Contacts List to the Aurora Feint servers for the sole purpose of locating friends.'
Post by aybara on Jul 23, 2008 11:27:07 GMT -5
I just read an article on Gizmodo.com that made an interesting point. Apple allows devs to only have FIVE beta testers? If you can only test from a pool of 5 people, you aren't going to find all the bugs. You aren't going to find all the possible security issues. You aren't going to find a lot of things.
Post by oracleab on Jul 23, 2008 11:33:51 GMT -5
The part that most people seem to miss here is the fact that the Community Feature was COMPLETELY and UTTERLY an OPT-IN feature. If you didn't 'opt-in', none of your stuff was sent anywhere. If you 'opted-in' without knowing what you were signing up for, then you need a little more schooling in Life anyway. In my contact list I have family, friends, and numbers of businesses I use but don't want to memorize the numbers. I opted-in. Now, if my family and friends started getting spam calls or e-mails about Aurora Feint, I might get a tad upset. At this point, don't let the community features get in the way of the game. If stripping them for now means that you can get it back on the App Store and patched, do so. The Community features can be re-added at a future date.

Hear! Hear!! Personally, I also agree that the onus is on Apple here. Consider the Google Mobile app that searches your contacts on your device. Whether the info is sent elsewhere or not doesn't matter. It means that Apple opened the functionality for developers to access the info on your device. With the Community feature being an Opt-In function, folks should use their brains before tapping the Submit button. Anywho, friend codes wouldn't be bad, though I prefer the current method. The short-term solution of removing the feature is also a plus as it would allow you to continue to provide the game and give you lots of time to work on the feature to perfection. Someone else stated they'd gladly pay for the game. I would too. Finding out it was free blew my mind because you can tell so much time, effort and quality was put into it. I'd gladly support continued development through monetary means.
Post by sandleworld on Jul 23, 2008 11:35:12 GMT -5
I would like to give my opinion on the issues at hand. First I would like to say you have done a great job and the possibilities for this game are endless. This could very well be the break you're looking for! Security is a must, bottom line. If you need more time then remove or temporarily block this feature until you have this under control. I would also delete ALL data you have stored; it's not worth the risk of getting sued. This app needs to grow before it can bloom. I would much rather see your time spent on updating the game features/content than working on the community feature. I've seen a few responses saying to make this a paid app. This app being free is what has made it where it's at today. I would say to keep it free and charge a fee later for additional features. E.g., charge a monthly fee for the multiplayer feature of the game to compete against others. Perhaps certain weapons/upgrades require a membership to use. Good luck!