Jump to content
White-Sword-Master

Ways to Reduce Viewbombing Attempts

Recommended Posts

I suggested something similar to this a while ago, actually. TJ himself popped up and said there's already something in the API that allows people to prove who they are to a fansite when they're not accepting aid.

 

The problem is fansites aren't using it, so viewbombers can easily shove them on all the hatcheries at once to ensure death.

 

I don't think Cinnamin means creating a new account, just that hatcheries should make use of the API login feature, where you log in with your existing DC account to verify your identity.

 

The way API login works, you never actually give your username and password to the fansite, only to DC itself, which then verifies your identity and tells the fan site "hey, they're legit."

 

As long as people ensure they only enter their credentials on dragcave.net pages, they're safe.

 

No, [your information] doesn't go through the fansite. Your credentials only go to DC. There are no text boxes on external sites involved.

 

Maybe it can be programmed this way:

 

1: enter name in hathery.

 

2: api check: aid on or off?

 

3a: if aid on --> back to site/ add eggs/hatchies.

3b: if aid off --> to dragcave for login.

 

4a: if correct --> to site/ add eggs and hatchies.

4b: if not correct, give message: this user is not accepting aid.

 

So why aren't fansites using this yet?

 

If fansites should use the API, then the API has to give some advantages for the fansite developers.

 

Thats not the case, i asked TJ09 some time ago to add the possibility to view hidden scrolls and fogged dragons after API login so EATW could access hidden scroll after using the API login, but that feature was never built in. I would like to use the API-login on EATW, but for now it just makes things more complicated for the users without having any advantages.

 

The market uses the API to protect the users from spam, but the market is only used by 200-300 users while the hatchery is used by allmost 6.000 users and most of them won't see the point in beeing forced to use the time consuming API login. This means that the choice to use the API login must be on the users side, it can't be forced for all users.

 

This shows yet another problem, the only effective way to protect yourself against viewbombing is to hide your scroll. But by hiding your scroll, fansites can't find your dragons either, even if you WANT them to. Adding options to protect you scroll from viewbombing attempts is fine, but only if those options don't result in beeing completly ruled out from all fansites.

 

Other problems:

This creates trouble for those with accepting aid on.

This creates trouble when someone has to rush out and leaves their scroll in the hands of a sitter.

Too much effort to have to log into every fansite a user makes use of.

Viewbombers won't just use fansites, anyway.

 

Summary:

 

There should be an option which allows the user to forbid access to his scroll via the API without previous authentication. (If people can't add your dragons to hatcherys, then viewbombing is much less likely to be successfull.) Redefining "not to accept aid" would make sense.

 

There must be an option for fansite owners to unlock access to hidden scrolls by using the API login. The access must only be granted for a limited timeframe. There may be an option to grant indefinite access to a fansite for automated tasks (like generating signatures or statistics) but this indefinite access must not be used for interactive tasks like adding eggs to a hatchery or alike.

 

API login should be made simplier for the dragcave users. They should not be forced to "log in again" on dragcave.net but simply using their existing session and only having to confirm the API login by clicking a single button. However automated login without any confirmation at all is not desired as it does not prevents fansites from reading your scroll without your permission.

 

 

Separate suggestions of interest:

Sickness e-mail notification: http://forums.dragcave.net/index.php?showtopic=132017

Multiple fogging: http://forums.dragcave.net/index.php?showtopic=117615

Hide/unhide all: http://forums.dragcave.net/index.php?showtopic=92431

Change the 'do not accept aid' to something more clear: http://forums.dragcave.net/index.php?showtopic=92115

Storm BSA: http://forums.dragcave.net/index.php?showtopic=119904

Guard BSA: http://forums.dragcave.net/index.php?showtopic=102229

Protect BSA: http://forums.dragcave.net/index.php?showtopic=104314

Heal BSA: http://forums.dragcave.net/index.php?showtopic=102231

Cure BSA: http://forums.dragcave.net/index.php?showtopic=110992

 

Original post:

 

If this is wrong place, I'm sorry...

 

Well, I'm been having vary unusual happening lately....

 

I know exactly what egg sites I post my eggs/hatchling in, only 3 of them, not on silvi's or yarold's....

 

Well, Of course I'm set up where it says, "This user is accepting aid from others" which entitles them to do whatever they want....

 

So, when I have a pink egg fogged b/c it was randomly place in 4 different egg hatcheries where we all know the eggs will get bombed with views, well, somtimes, and I found them and removed them, but who's to say they won't do it again? .....

 

I'm assuming, may be wrong, but some people are abusing there right to kill our eggs/hatchlings for either the fun of it or for some odd hariball reason....It may be against the rules, but you can't really trace it, all you can know is that its been put in an hatchery that you don't want it in......

 

Sure, silvi's and yarold's is good for others, but for me, it would seem for me that it could cause quick death for my eggs.....

 

Well, I came to suggest an limitation or a prevention thing if at all possible...

 

Under Account Settings-Where you allow to accept aid or not....

 

Have 4 instead of 2 actions

 

Accept Aid-Enable all use

Severe Limitation-Security Code pops up allowing you to say yay or nay on where your egg is put and no one can view your scroll without your approval, once the get it, then thay don't have to wait, they can view it anytime

Limited- Same, except anyone can view your scroll

 

This user is not accepting aid-Disables view from scroll and codes.

 

But no matterr what function, you can always see your scroll or egg/hacthling scroll...

 

It just brings to the table of thought, what if your tinsel or vamp, or neglected you got from a trade you loed do dearly b/c it was added into a site you don't like b/c you know your eggs will die if they do, as I know that for a fact on mine.....

 

Can you live with other users trying to kill your egg? Your hatchling? Just b/c you accapt aid, so they cane see your scroll, code, and add it in.....Sure, you might think its un-intentional, but truly, is it?

 

You can change any or the above, or hate on it, but truly, I'd sure hat to be an user to have there 7 eggs, 16 hatchlings all die @ the same time b/c someone was mean trying to kill your egg/hathlings by adding them in to as many hatcheries/dumos as can...

 

What about fog, face it, lets say your egg has 5 hours left, you fog it, it becomes healthy, you unfog it, 5 minutes later, its sick again.....You have no clue why, but it happens....so, you fog it, then it stays sick until its down to an hour left, guess what, its dead?

 

Its just an suggestion, but truly, I see it rational....

Edited by SockPuppet Strangler

Share this post


Link to post

I suggested something similar to this a while ago, actually. TJ himself popped up and said there's already something in the API that allows people to prove who they are to a fansite when they're not accepting aid.

 

The problem is fansites aren't using it, so viewbombers can easily shove them on all the hatcheries at once to ensure death.

Share this post


Link to post

@Lythiaren: Well, that's why I was thinking of having DC enlist it, so the Egg sites can kiss there yadyada.....

 

And it would be under accoun registration: So, it'd be easy to disable or enable it at levels....

Share this post


Link to post

To enforce it? Well yeah, that might help but if you need to authorize each fansite, then you will have to sift through a lot of things all the time. It's not terribly user-friendly and while some people may read this and think "Yeah! I'd rather authorize everything than have stuff die on me!", in practice it will very quickly become an annoyance.

 

Like I said my suggestion was similar, but in my case it was adding a second passcode thing that was separate from the scroll password and was barred from matching the scroll password ("if security != password then blahblah" -> one line of code ensures no matching) and forcing fansites to authenticate. A little more elegant than popups (which I think we may all be trained to kill with fire) or radio buttons.

 

Perhaps a list of allowed fansites in the account settings, but that may get more complicated.

Share this post


Link to post
To enforce it? Well yeah, that might help but if you need to authorize each fansite, then you will have to sift through a lot of things all the time. It's not terribly user-friendly and while some people may read this and think "Yeah! I'd rather authorize everything than have stuff die on me!", in practice it will very quickly become an annoyance.

Perhaps have three kinds of security, then:

 

Allow aid

Disallow aid

Disallow aid and require password validation when fansites interact with your scroll/dragons.

 

Seems kind of silly to allow aid and require password validation, because then nobody would be able to aid you.

 

Unless you want it so that you can see where all your eggs/hatchlings are posted somehow on the site. I'm not sure if that's possible or not, but it would come in handy.

Share this post


Link to post

It might be possible to list everywhere your eggs are posted, but it's not practical as long as people can lift an egg's code off the image.

 

Because then wherever they link/post it, that referrer would have to show up too.

Share this post


Link to post
Perhaps have three kinds of security, then:

 

Allow aid

Disallow aid

Disallow aid and require password validation when fansites interact with your scroll/dragons.

I like this idea. For users that have had view-bombing problems despite having the "no aid" message, an option to require a password in order for fansites to interact with our scrolls would be a great idea.

Share this post


Link to post

@~!~: Yea, that's a lot better, I was typing with one hand, so a lot of my things get mixed jumbled up, as you realized upon my pm that Imeant to send a different worded pm to you....

 

Yes, lets go with ~!~ idea from now on, except one thing, I thought only for people that could allow aid and still require password verfication is lets say exp'ers on here like to exp, but all of a sudden, when they unfog there egg, it was randomly posted in an ER they didn't know about...That was the only suggestion that made sense for them.....

 

But that was my other goal, not to help myself, but to help all othe DC Forums from getting their eggs/hatchlings killed unwantingly by devious and cruel members...

Edited by White-Sword-Master

Share this post


Link to post

Supporting the idea to have the option to know everywhere your eggs/hatchies are listed!

 

Whoops, misread. Edited.

Edited by stogucheme

Share this post


Link to post

I second this motion. None of the eggs or hatchlings which I've had sabotaged have died, as I've actually been online and caught them just as they've gotten sick, but it would definitely be nice to not have to worry.

Share this post


Link to post

I've never had this issue, except for one ER white about a year ago, and that was entirely my own fault for putting it in too many ERs and then leaving for a six hour round of back-to-back classes, so personally I don't see a need for it.

Share this post


Link to post

I've seen a few threads where people have been talking about view bombed eggs, so I think something like this might be handy. It's part of the game, but it's one thing to lose an egg out of mishandling, another to lose it because of someone else's maliciousness.

Share this post


Link to post

Why not just turn aid off & be responsible about adding your own eggs/hatchlings to view sites? Or have only trusted friends list your scroll?

 

I mean, is it honestly that hard to do?

Share this post


Link to post
Why not just turn aid off & be responsible about adding your own eggs/hatchlings to view sites? Or have only trusted friends list your scroll?

 

I mean, is it honestly that hard to do?

Because some people don't care if you're accepting aid or not, they want your eggs/hatchlings to die and will post them places anyway to be jerks.

 

Or some people are like "...I know they're not accepting aid, but the egg/hatchling is not being raised the same way I raise mine and I think it needs more views and they need help and probably won't mind!" and post the stuff anyway.

Share this post


Link to post

Why not just turn aid off & be responsible about adding your own eggs/hatchlings to view sites? Or have only trusted friends list your scroll?

 

I mean, is it honestly that hard to do?

Because that's 100% impossible without hiding your scroll and pretending you were banned.

 

Malicious people don't want your permission. In fact, they get a bigger kick out of killing your stuff if they don't. Turning aid off currently does diddly squat when it comes to other people putting your eggs in a hatchery. Any hatchery. If they have your name they can viewbomb you and there's nothing you can do about it short of monitoring your eggs 24/7 and fogging as soon as the views start going up faster than usual. Right now, I could viewbomb your eggs to death whether you have aid turned off or not.

 

I put my friend's eggs in hatcheries sometimes when she asks me to, but fansites don't know if she's given me permission or not. They don't even know I'm not her.

Edited by Lythiaren

Share this post


Link to post

Very big yes to this! I would set it to no aid and password as soon as i possibly could when/if implemented!

 

i use Yarolds to raise my dragons. always have, and i have yet to have one die on me... yet someone out there seems to think that i need help, and posts them in various hatcheries, without my knowledge, or permission.

 

I am getting tired of it, but cant do a single thing against it.,.. One would think the gold trophy and having over 500 dragons would be a hint that i know how to raise dragons!

Edited by engelina

Share this post


Link to post

Well, thank you all for your support or differences, and it would be what ~!~ said, b/c I liked it.....

 

But lets see what TJ has to say, as he is the main site person.....

 

@Lythiaren: Off topic, but I would like to know, why does your avi keep changing every 5 minutes?

Edited by White-Sword-Master

Share this post


Link to post

Well, there is one thing you are forgetting. IF I wanted to viewbomb you - I could simply do it with a page refresher. And I could do it through a proxy so I couldn't be traced.

 

That being so - if it were a complex bit of coding I think it would not be worth TJ's effort, given that it would also be a bit of a hassle for those of us who use fansites... And yes, it would be a pain for those of us who have to use scroll sitters at times.

 

~!~ has a rotating avatar. It does it all by itself smile.gif I don't THINK Lytharien does... but my browser could be acting up...

Edited by fuzzbucket

Share this post


Link to post

Fuzzbucket:

 

Hence the Linited-Severe limited actions so then no one can view your page....and sure, you could use a proxy, but that is illegal in some places I believe and we all know you'd be doing it, as if a system was incorporate into this allowing us to know who is ARing our page, as a systematic method of letting us know this, if at all possible....

 

Also, even if not illegal, who would seriously go through the time using a proxy to get around a website block just to purposely kill eggs, if I wanted to get around any sort of a block, it'd be to hack into TJ's account and do Malicious stuff, but b/c I don't know how and probably wouldn't want to, I'd go find something better 2 do, like hack an email account of a person I don't like and etc.....

 

That being so - if it were a complex bit of coding I think it would not be worth TJ's effort, given that it would also be a bit of a hassle for those of us who use fansites...

 

Yes, I realize it would be a pain to fansites and etc, hence my idea was a little pop-up or window would rather submit, and it would do it auto when you are signed into your account, the annoying thing would be having to type your password, but if you want extra security, then you have to submit to more annoyances, and it can be turned to the way you want it.....

 

Also, TJ is smart, I bet if he wanted to, in a few simple clicks, he could turn all our scrolls burned, and have us kicked off b/c he is tired of us, but why, who knows, its a free website and I understanding code would be hard, but I bet ya he knows how to do it.....and even if he doesn't, well, there are other computer geniuses out there somewhere...

 

And yes, it would be a pain for those of us who have to use scroll sitters at times.

 

 

What is a scroll sitter and why?

 

 

Also, Thanks for the ~!~ Avatar thing, lythiaren works as an rotating avatar each time I refresh the page, but nin's is blank for me....

Edited by White-Sword-Master

Share this post


Link to post

A scroll sitter is someone who minds your scroll when you can't be on line for a while. So they need the info to be able to fog and do whatever else may be necessary. (That's all they are allowed to do, not hunt or breed).

 

MANY players - especially those in college - HAVE to use proxies.

 

And it is pretty easy to find an egg and bomb it. You don't need the page, only the code, so if it was one yo missed.... (I say this as one who was viewbombed myself, not as a prospective bomber, I hasten to add,as you responded as though I were the latter... biggrin.gif)

 

ETA - Wow, yes about Lyth's avatar ! I just thought she was changing it at will !

Edited by fuzzbucket

Share this post


Link to post

i like the idea i havent personally had my eggs viewbombed yet but this would be useful incase someone does try to viewbomb me

Share this post


Link to post

There are ways to allow and disallow specific websites from hotlinking images, or to replace hotlinked things with some other image. I learned the trick some ten years ago, it involves a file named .htaccess and it's what sites like Geocities and Angelfire used to prevent people from using their hosting to host images. And since DC actually relies on hotlinking... well.

 

Also for my avatar... it's been on a randomizer for years. owo;

Share this post


Link to post

But if I put in - say - c9he to a fan site - then it will be zapped no ? Likewise, if I autorefresh that page ?

Share this post


Link to post

Yep. You'll also be autorefreshing other eggs on the page, so assuming you just AR the scroll you can still viewbomb. But remember you need the unique views to go up to death level before you can viewbomb anything to death, so one single person can't do anything but refresh the views to 15x the regular views. Which doesn't do anything but make the egg sick if the UVs are still fairly low. Or it'll just hatch if it's reached ER status.

Edited by Lythiaren

Share this post


Link to post
Perhaps have three kinds of security, then:

 

Allow aid

Disallow aid

Disallow aid and require password validation when fansites interact with your scroll/dragons.

 

Seems kind of silly to allow aid and require password validation, because then nobody would be able to aid you.

 

Unless you want it so that you can see where all your eggs/hatchlings are posted somehow on the site. I'm not sure if that's possible or not, but it would come in handy.

That's perfect, I wish we could have this, because a lot of my eggs and even hatchlings have died this way, and sometimes I take myself off of the accept aid option, because so many people post my eggs!

This needs to be enforced, and the fan-sites need to use this!

Share this post


Link to post
Guest
This topic is now closed to further replies.


  • Recently Browsing   0 members

    • No registered users viewing this page.