iprof
New Member
Posts: 3
|
Post by iprof on Jul 23, 2008 11:35:35 GMT -5
I think the consensus here so far is to drop the community feature for now...an idea I also support. I think the priority here should be to make contact with Apple, verify their reasons for pulling the app, and get that app back on the store (and get yourselves back in their good graces). Thanks D and J for such a fantastic app...and for the love of Mike, charge a couple of bucks for it this time around...you two deserve it for all your ideas and effort! We'll gladly fork it over!
|
|
|
Post by frostycellnex on Jul 23, 2008 11:42:26 GMT -5
I'd like to echo the preference for a bug-fixes release which lacks the community feature. I've been enjoying the game immensely and would also happily pay for it.
Great work on a beautiful and rich game, with immense potential!
|
|
|
Post by ailanthus on Jul 23, 2008 11:48:12 GMT -5
I don't mind the community feature, but I'm not gaga over it like a lot here seem to be. I just would like the option to turn that feature off. It's too big brother for me to have my phone...or more specifically....YOU...looking at my contacts.
|
|
|
Post by luthientinuviel on Jul 23, 2008 11:51:58 GMT -5
My knowledge of the legalities surrounding something like this (namely: covering your butts and ours) is sparse, and what I know of data and how it's sent and stored is even less. So I'm not even going to try to respond to the specifics, and besides, you've received some very solid responses already.
I just want to add my voice to the chorus of support and second (third, fourth, fifth, etc.?) the suggestion of putting the community feature on hold entirely for now. I love this game and I love the possibility of everything it can—and hopefully will—become. But I say solidify the core components of it, build up the RPG aspects and powerups, weapons, etc.; give it a solid foundation and just on those things alone I think the game will be more than capable of holding its own in the App Store (free or not). In the meantime, however, settle the community feature issues while they perch paused on the backburner. Find a way to make the system as air-tight as possible. And then, when you're ready to implement them, you'll have a legion of already dedicated AF players hungry to participate in complete security and confidence.
I, for one, am more than willing to wait and slake my thirst for interaction via the forum (which in and of itself has many, many options for expansion).
And, as always, much appreciation for your candor. It's one of your biggest assets in all this.
|
|
|
Post by morgaine on Jul 23, 2008 12:17:19 GMT -5
OK, nice game, but horrible security and privacy architecture. Security and privacy are important, and it seems clear that you didn't give it adequate consideration. I'll offer some quick advice, but you need to go read up on this topic. I suspect a lot of iPhone developers need to read up on it. I'd start with "Software Security: Building Security In" by Gary McGraw. OK, my strongest recommendation (and the only way I would use your game) is to never send email or phone numbers for your contacts over the network or store them on your server. Never. You don't need to, and it is a privacy and security risk. I don't care about whether or not you use https. Never do it. Instead, take some arbitrary string (e.g., "Aurora Feint"), append a phone number to it, compute a SHA1 hash of that, and that gives you an identifier for that phone number you can send across the network and store on your servers. For people who opt-in, you can compute SHA1 hashes for all the phone numbers and emails in their contact list, and send just the hashes to your server. This will allow you to determine on your server if anyone in the user's contact list is also registered, but won't leak much of any other information. If you want to be really secure, take it an extra step: Don't hash or send individual phone numbers or emails. Instead, do it only for pairs. For each contact, sort and append the phone numbers. For example, the player has the phone number 555-123-4567 and a contact has the phone number 000-324-1245. Append them in sorted order, giving the string Aurora Feint:000-324-1245:555-123-4567 and compute the SHA1 hash of that and send that to the server. If two players send in the same hash, that means that both know each other. However, by only sending in pairs, you can't even figure out how many people two players know in common. I completely agree. That is, if you want to make the process automatic. The fun part of making it automatic is the "hey, I didn't know Michael played the game too!" effect. But the standard way to do this is to have people create a friend list and add people. Whether they manually search by character name, account ID, or phone number is up to them, but the real key is the manual bit. Or have a button "check against iPhone contacts database" to check everyone. This shouldn't be automatic unless the user OPTs-IN to the service, fully aware things are getting sent. That and you should hash it like stated above. Don't send things plaintext in the clear, first off. And second there's no reason to store things that aren't one-way encrypted on your servers for any length of time, just in case. Due to the way you're handling this, I trust you, as developers, didn't mean any harm and never thought of taking this information and using it against us. Unfortunately phishing and identity theft are real problems in this world and we cannot assume people are benevolent with our data. Danielle, These two suggestions seem best and most helpful so far. It sounds like the result would be exactly what you were going for - ie., a *more-or-less* automatic search of your contacts to see if anyone else plays the game. We still wouldn't have to go through the annoying process of typing in names and codes, and we would still get the nice surprise of "oh, he's on this game? i never thought to ask!" At the same time, you can satisfy all those hyper-sensitive people by letting them opt-in or not, and for those of us that go for it, our data would stay secure. At least, this is all according to lc and william - who certainly seem to know what they're talking about. At any rate, we would obviously rather be playing the game WITHOUT this feature if it meant we could have it right now! So I hope you will be re-releasing the game sans community, which it sounds like you are. I'm anxiously awaiting all those *other* new features! I hope this process hasn't been TOO terribly painful for you guys. It's really just an amazing game, and it sucks that your only reward has been to get slapped around by Apple (when really THEY should have been screening apps for security in the first place)! Hang in there - you've got thousands of fans behind you!
|
|
|
Post by peloquyn on Jul 23, 2008 12:33:39 GMT -5
I will add my $.27 here too.
While I appreciate the idea of the community feature, I will echo others stating that I'd rather have the gameplay aspects available and working properly above all else. I'm saddened to see that so many people believe that storing information via an opt-in portion of the application is a threat - I think the perception is that it's not "as secure as it could be" is right on, but the reaction to it has been outlandish (in my opinion). As someone above pointed out, I signed up for Facebook and I'm far more concerned that the viral aspect of their advertising than I would be having you guys store whatever information garnered at your location. But I don't use my phone for work-related contact storage, so I don't have any "sensitive" contact information on my phone...or what one might consider sensitive, at any rate.
So, in answer to your inquiry: I'd rather have bug fixes and working tools than be able to utilize the community feature at this point.
Also, I really like the idea of inputting your friends by "username" or by "player ID" or somesuch - just as with the signature blocks, the ID could be your unique identifier - and you'd have to know it (or be able to find it) and give it to the other people you'd like tp "party" with.
Thanks guys, for a great game - I can't wait to watch the progression of this!
|
|
|
Post by mercer on Jul 23, 2008 12:51:50 GMT -5
Hi everyone, hi Danielle, to be honest, I am pretty much concerned about that so-called "community feature". First, let me say that I appreciate the way you are dealing with the issue - but on the other hand, it really should have been done upon release. No one of us has any idea, how you are securing your servers and what really happens with all the data. Please remember that a lot of people use the iPhone for business affairs (and games are installed in order to have something to play with when sitting at the airport) - second, I think that even though I may not be concerned about you getting all my contacts, then probably somebody who is in my contacts list may well be concerned (and would have every right to). Also it really worries me, that maybe I am in somebodys contact list and without letting me know it, everything is just passed on to some unknown server... Not great! And why are you storing "phone numbers"? I am pretty sure, that in no way you´d require this just to know who is playing, unless you try to indentify players somehow by using their mobile phone number/usage (which would ever scare me more). Personally, I will delete your game from my iPhone and advise others to do so, unless this problem is solved. You are fantastic game developers, but with all respect, I cannot understand that you have simply "forgotten" to mention this feature or what it is doing. Since you needed to setup server space etc. I expect that you had to deal with a lot stuff regarding the community feature. So ... did it really just slip out of your mind two minutes before writing the release notes? For future version, I strongly advise you to use a method with is very straight forward in terms of data security and letting people exactly know what is going on. Therefore I really do appreciate that Apple has pulled AF, because this at least shows that somebody cares about sensitive data on my iPhone. Thanks Tom I firmly agree with Tom, stay the heck outta the address book - if this was an opt-in feature I would absolutely opt out, I do NOT want under any circumstances games going through my address book and DEFINITELY not pulling that information and sending it off to third-party servers. Like many others, I use my iPhone for business purposes. Aurora Feint is a great game and has brought me many hours of enjoyment but if it's pulling sensitive data from my contact list (which includes phone numbers IMHO) then I can't possibly put enough distance between myself and the game. Thank you apple for reviewing the game, it gives me a (very small!) hope that maybe these iPhone app's aren't going to destroy my life, security, and career. Meanwhile, Aurora Feint is a fabulous game. Keep up the great work, but stay far, far away from hot-button issues like privacy. Generate an account number/username upon user creation and use that - nothing else is needed to be stored or transmitted to the server and nothing else should be. Stay the heck outta the address book. mercer
|
|
|
Post by alduin on Jul 23, 2008 12:52:03 GMT -5
The issue with the opt-in is that when a user opts in, they're effectively also opting in for everyone else in their address book. Those people don't get any say in it. If it were just the user's own information I'd guess that the reaction might have been a bit different.
That said, I'd love to see a version with the 1.0.0.1 fixes but with the community features stripped out, at least until the developers have had a chance to go through and re-write how it's done.
|
|
|
Post by shmore on Jul 23, 2008 13:25:10 GMT -5
Hi everyone, hi Danielle, to be honest, I am pretty much concerned about that so-called "community feature". First, let me say that I appreciate the way you are dealing with the issue - but on the other hand, it really should have been done upon release. No one of us has any idea, how you are securing your servers and what really happens with all the data. Please remember that a lot of people use the iPhone for business affairs (and games are installed in order to have something to play with when sitting at the airport) - second, I think that even though I may not be concerned about you getting all my contacts, then probably somebody who is in my contacts list may well be concerned (and would have every right to). Also it really worries me, that maybe I am in somebodys contact list and without letting me know it, everything is just passed on to some unknown server... Not great! And why are you storing "phone numbers"? I am pretty sure, that in no way you´d require this just to know who is playing, unless you try to indentify players somehow by using their mobile phone number/usage (which would ever scare me more). Personally, I will delete your game from my iPhone and advise others to do so, unless this problem is solved. You are fantastic game developers, but with all respect, I cannot understand that you have simply "forgotten" to mention this feature or what it is doing. Since you needed to setup server space etc. I expect that you had to deal with a lot stuff regarding the community feature. So ... did it really just slip out of your mind two minutes before writing the release notes? For future version, I strongly advise you to use a method with is very straight forward in terms of data security and letting people exactly know what is going on. Therefore I really do appreciate that Apple has pulled AF, because this at least shows that somebody cares about sensitive data on my iPhone. Thanks Tom I firmly agree with Tom, stay the heck outta the address book - if this was an opt-in feature I would absolutely opt out, I do NOT want under any circumstances games going through my address book and DEFINITELY not pulling that information and sending it off to third-party servers. Like many others, I use my iPhone for business purposes. Aurora Feint is a great game and has brought me many hours of enjoyment but if it's pulling sensitive data from my contact list (which includes phone numbers IMHO) then I can't possibly put enough distance between myself and the game. Thank you apple for reviewing the game, it gives me a (very small!) hope that maybe these iPhone app's aren't going to destroy my life, security, and career. Meanwhile, Aurora Feint is a fabulous game. Keep up the great work, but stay far, far away from hot-button issues like privacy. Generate an account number/username upon user creation and use that - nothing else is needed to be stored or transmitted to the server and nothing else should be. Stay the heck outta the address book. mercer And this type of reaction (not picking on you mercer ) is why security has always been a major issue when it comes to personal data. I've been dealing with this very issue my entire adult working life (almost 20 years now). I'm a mainframe IT guy and my job deals heavily with data security. Personally, I don't care that my address book was scanned - it contains nothing I'm concerned about getting into the public domain as I do not use my iPhone for work (heck, the iPhone isn't even approved by my company for corporate use). However, some people do use it for work and do have information in their address book that they are concerned about. That information is protected by the Privacy Act and cannot be put anywhere without the persons permission. It's exactly the same as your employer not being permitted to give out your phone number or address when somebody calls up and asks for it. Hope that clarifies the issue a little bit for some. Once again, great app, can't wait for the update. shmore
|
|
|
Post by peloquyn on Jul 23, 2008 13:35:50 GMT -5
mercer - but it *is* an opt-in...as stated previously, if you did not enter your own information to search for "community" members through the "find friends" page, they did NOT search your contacts nor store them anywhere. If you had not previously utilized that function, then no "scans" nor data transfers such as those being discussed were completed. I'd not used the function before this issue came to light, and while I see a little more clearly now how deeply it upset people, and the argument that "sure *you* opt in but your contact list doesn't" is pretty striking - but I still am of the mind that while there may have been a lack of clarity, as soon as it was asked, Jason and Danielle plainly stated how it worked and are very open to feedback and suggestions for improvements. I value the transparency Jason and Danielle have provided more more than I would hold them liable an honest mistake that was not made for nefarious purposes. I don't think that any lasting damage is or was done, nor will there be - other than perhaps some people not understanding or even stopping to question the actual damages that may have been incurred by having email and phone numbers stored. I'd think it'd be minimal, unless you were playing AF during a board meeting and someone caught you...then it's all you!
|
|
|
Post by mrsmiley on Jul 23, 2008 13:39:26 GMT -5
I definitely appreciate you guys being so forthcoming about these issues. I would go with either of these 2 camps:
1. Provide some sort of "friend code" type thing like with Nintendo, or have someone be able to search for you by your AF account, not your personal info.
2. Just wait to add the community feature until it's fully secure, and is actually implemented more into the game. For now, it's cool I suppose, but really not worth the hassle IMO.
Keep up the good work!
|
|
|
Post by Peligra on Jul 23, 2008 13:41:02 GMT -5
Ok, Here's my suggestion: (This is regardless if the community feature is temporarily removed, in either case how I'd do it...and I'm not that smart so take is with a grain of salt ). I envision a screen for the community feature that says something like "Play AF with your friends online!" with a simple ON/OFF switch that is seen in the iPhone UI. The switch will default to OFF and no information of that nature is sent to AF period. If not entered, just your Character name is in the DB. If turned ON, then more options become available. First option says something like "Enter your email or phone number for others to find you automatically" or maybe something that says: "Add me to the directory so my friends can find me automatically." and in smaller text under say "Optional: If not entered friend can find you by your character name" (This assumes that AF will not allow duplicate character names, obviously). If entered, then it goes into the DB on your server encrypted. The next element on the page is the option to find friends. There would be another ON/OFF switch here. Above it written: "Please look for my friends automatically". Again, it's OFF by default (and not even on the page if the top button is turned to OFF). When turned ON a pop-up confirmation comes up (that black screen with YES and NO buttons at the bottom) that says, "Are you sure?, This will send a list of your contacts to our server so we can locate the people you know that have joined the AF online community. This information will not remain on the server after the process has finished **paragraph break** If you do not wish to have your contact list sent, please press NO." If they press the NO button that that point, the black screen goes away and the button goes back to OFF, if they agree to the disclaimer, the button stays ON (and the refresh or "Look Again" appears underneath, pressing that brings up the same confirmation screen basically triggering the same process). After the search is complete the "Manage Friends" screen will appear, more on that below. The last element on the page is a Manage Friends link with an arrow to the right (that goes to another page, like other places in the iPhone UI). Ok, now, the Manage Friends page has tabs on the bottom (and a button on the top left for Back), Results, Friends, & Requests. First Results, If you opt-ed out of the automatic search it will say "No result found, to find your friends playing AF automatically, press Back. If they did Opt-in to the search, the search spits them out here automatically. Here they can press on names to add a check next to them and the button on the top right of the screen will be say "Send Friend Request" (as in most situations, the friend relationship should be reciprocal). This takes you to an email like screen with Cancel and Send on the top. And just gives you a small place to type a personal note if you want to identify yourself to the person/people you are trying to establish as friends. Upon pressing Cancel or Send, you come back to the screen you were on. There can be some sort of visual here, maybe a little envelope, showing which friends you've already sent requests to and/or a little X for those that have rejected request from you. Also, the list will remain until you do another search. Maybe add the option to remove a name if it's someone you'd never ask to be your friend. The Friends tab shows you all the people that you have already accepted friend requests from and/or have accepted your friend requests. This screen also has the Back button on the top left and a "+" on the top right. You can click on the + to look for someone that has Opt-ed in to the community portion (the master ON/OFF at the beginning) by typing in their character name there. Results show in the Results screen and the same operation happens as described above. Also, the edit button can be on the top somewhere, to enter the mode to delete friends, or just using the iPhone "swipe" action can trigger the Delete option. If you delete a friend, it terminates that friend relationship and your name is removed from their friend list as well. The Requests tab will show a number in a red dot for incoming requests you haven't read yet. On the tab you will see a list of requests, ones you haven't read will have bold text, ones you have will be normal. This looks like an email screen, the From is the character name that sent the request, and you can see in small print below the small message they typed. If you press a name, the screen goes black and you see, "Would you like ACCEPT this friend request from %Character Name%?", and get 3 buttons on stacked from the bottom, YES, NO, and NEVER. Clicking yes adds them to your friends list, clicking NO does not, and tells the other they've been denied (ok, I haven't figured out that part yet, but seriously, I got the rest) and Never prevents that user from asking again. So, what do you think? I tried to cover all bases as best as I could. ** Edit: Maybe on the Requests page, have little tabs/buttons just below the top for sent and received requests. So that you can see the feedback form the requests you've sent as well as respond to the ones sent to you.
|
|
|
Post by lethann on Jul 23, 2008 14:05:40 GMT -5
mercer - but it *is* an opt-in...as stated previously, if you did not enter your own information to search for "community" members through the "find friends" page, they did NOT search your contacts nor store them anywhere. Here is the issue though, I pull up the game and navigate to the Community page. All it says is "Supply your phone number and email to automatically locate your friends!" It does NOT in any way tell you that it will be going through your contact list. A few other points have also been made: You can only opt in for YOUR information. I think it's wrong to give out someone else's when they have no say. Then you have the fact that some people DO use it for work and they can get sacked for compromising company information. If you think that's harsh, you've never worked in the corporate world then. You'd be lucky you don't get sued on top of it. Now, I'm not in any way thinking that AF would/is selling off our data. Call me whatever you want, but I honestly want to believe these are good people. The problem comes in when it's sent in plain text and anyone with a packet sniffer on the network between you and the AF servers could snag all the information in it. It's NOT THAT HARD. So, as just about all of us are in agreement, pull the community feature, purge the database and publicly state you are doing so, update/re-release AF that is more stable as a single player game, go back to the drawing board and completely recode the community feature so it will work more appropriately and it's secure. It's a beautiful game, last thing I want is to see it die.
|
|
|
Post by inemesis on Jul 23, 2008 14:25:59 GMT -5
Hi,
Like a few others I have joined the forum just to post to this thread.
First let me say that Aurora Feint is a fantastic game - of all the games on the App store, this is the one that really embraces the possibilities of the multi-touch screen and makes a unique and original game with them. Brilliant. I love the look, I love the sound, I love the concept and it's the most inventive app I have seen. You guys should be *really* proud of this. It's beautifully simple and really addictive and it reminds me of how I felt when Tetris first came out (I am that old).
Second, however trivial the idea of an app peeking into the address book may seem to some, and however innocent the mistake (and I am sure it is, by the way), in this litigious age, you just cannot take ANY chances with data privacy. In the last few years just about every company I come into contact with, small or large, has had to jump through endless hoops to comply with data protection laws, and it is something that they take very seriously. I know one company who was sued when the tops of a few letters of a few words were visible through the window of an envelope they sent. Apple will also take this very seriously - they will be in the firing line too if anything goes wrong.
My strong advice to you both, as others have suggested here, is to completely remove all of the community code for the time being - I believe you are working on just such an update. It is one of the sad aspects of modern life that these days you can't store any kind of personal info however innocent without all sorts of warnings and disclaimers and I don't think Apple will allow the community aspect back in until it is absolutely watertight. Someone said before that you will probably need to consult a lawyer to ensure that the new version does comply with data protection laws, and I think that would probably be wise.
In the meantime I can't wait for the update with fixed game-play. I hope that Apple gets that app back on the store asap.
Best of luck with this - you have real talent.
|
|
nbnb
Full Member
Posts: 140
|
Post by nbnb on Jul 23, 2008 14:39:33 GMT -5
Sometimes it seems to me that noone really cares about encryption. I bet all those [insert insulting title here] who are flaming now arent even thinking of using vpn/ssl-encryption when they are using their phone at public access points. Its really amazing what you can collect by naming your wifi-router "HotSpot" and just tcpdump http/pop/smtp/... directly into wireshark. (I suggest you only forward the ports to you are observing to WAN) Nevertheless it IS an issue. But now its known and its getting fixed...so all STFU pls (at least about the encryption and contact-upload issues) This is how i'd do it: Delete all accounts [required for the new structure] only allow unique USERNAMES (why did you take deviceids?) PASSWORD associated with username (H A S H! [can't stress that enough]) Support for more than one char (CHARNAMEs should not be forced to be unique -> avoids "g@nd4!f"-names...) Add friends by entering USERNAME(kind of "secret" so you decide who can see your character and who cant) and CHARNAME all problems solved.
|
|