View-bombing solution?

[Corteo]

Disclaimer - yes I did search. I also do not know specifically how the API works, so there is some guess work here.

 

So I was thinking today about how there could be some sort of way to have API verification option for a user. Obviously having password verification wouldn't work because a nefarious hatchery might collect them.

 

My idea:

 

Have a secondary verification code, or password, that the user can set. This would be an opt-in for a user. This secondary code would have to be different from the password.

 

So a user goes to a hatchery and types in their username. The API checks if they have the code set. If they do not have this code set in their user options, they can then add their dragons just like has always happened. But if they do in fact have a verification code in place the API requires that the hatchery allows them to type in, and then confirm, their code before serving the dragons back.

 

What this would allow is some sort of password, without the secondary site being allowed near the actual account password.

 

In regards to having sites being updated to this - I think that'll happen naturally because sites will have to update or be forced to loose users.

[TheGrox]

I'm pretty sure Evina's already has something similar to this, where you need to put in your login details again to DC to verify before adding your eggs/hatchies. You can turn it on or off as you desire for your scroll. So it is possible to do something relatively similar to what you're suggesting already (though the other hatcheries don't offer similar features as yet).

 

Anything that helps against viewbombing is a good thing, though, and gets my support.

Edited May 26, 2014 by TheGrox

[Corteo]

The major thing with account details though is the potential for the secondary sites to collect that data (namely your account password), that's where this suggestion differs.

[Obscure_Trash]

The API sign in works so that you're just verifying to the hatchery that you are the correct user, but you are signing in via DC. The hatchery should never be able to get your password from this. It's basically a redirect to DC to verify your login. The pass doesn't go to the hatchery. As far as I understand it, anyway.

 

However, I think setting this different verification code would solve the problem of - how can anyone help scrollsit and add my dragons to fansites if I don't want to give them my pass/I have accepting aid on but still want some level of protection? Therefore, I'd support this.

[_Sin_]

Sick and tired of view bombing even if didn't happen to me lately (obsessively and perpetually hiding scroll, eggs, hatchlings) so I agree with whatever can improve the situation without putting at risk the normal login credentials.

[KageSora]

If it would help stop s from putting my low-time trades into click sites and ruining them for me, I'm all for it.

[DarkEternity]

The only issue is potential phishing sites but OP's idea is a good one avoiding that.

Edited May 26, 2014 by DarkEternity

[Nectaris]

And then they would find new ways to viewbomb. There was viewbombing going on before the first hatchery existed, all the hatcheries did was make it easier. If someone is maliciously viewbombing, I doubt this would help. I DO think it would help with well-intentioned "helpers" however.

[Syiren]

Sick and tired of view bombing even if didn't happen to me lately (obsessively and perpetually hiding scroll, eggs, hatchlings) so I agree with whatever can improve the situation without putting at risk the normal login credentials.

I am in full and complete agreement. I've said this several times before, so forgive me for repeating, but I would have had 5 CB Cavern Lurkers had they not all been killed by view bombing. It was my first Halloween on DC too, so it really made me upset. After that I've been paranoid over several dragon eggs. Especially when it came to my first CB Gold, GoN and these new Avatars. Now I watch my scroll like a hawk just to make sure my eggs and hatchies are safe. As a result, the only dead eggs on my scroll are failed vampire bites.

 

If there was a way to prevent or at least reduce the risk of view bombing then, I'm all for it.

[KageSora]

And then they would find new ways to viewbomb. There was viewbombing going on before the first hatchery existed, all the hatcheries did was make it easier. If someone is maliciously viewbombing, I doubt this would help. I DO think it would help with well-intentioned "helpers" however.

It's true that they'll still find ways to do it--but at the very least they won't be able to necessarily just easily shove them into multiple hatcheries. Take one method away from them.

 

And this has the added bonus of helping not just stop view-bombing but making it harder for the "well-intentioned" to cause unintentional harm to a dragon, or something.

[Concept]

I'd support this idea. The potential for malicious viewbombing will always be there, but anything that makes it harder for those that do it, I highly approve of.

 

Heck, I don't even really like the idea of -any- user beyond the owner being able to put eggs on a click site. But that's just me, and I'm not even slightly programming-savvy enough to offer up solutions myself

[danicast]

I fail to understand how this suggestion works because I use 3 hatcheries (Allure of Neglected Dragons, Dragon Dump and Eggs Around the World) and none of them asked me to register or use password to use them, I can add any scroll that I want, I'm used to baby sit to a friend of mine and I'm always adding my scroll and their scroll in these hatcheries. I would appreciate better explanations, I'm technologically challenged.

[Obscure_Trash]

I fail to understand how this suggestion works because I use 3 hatcheries (Allure of Neglected Dragons, Dragon Dump and Eggs Around the World) and none of them asked me to register or use password to use them, I can add any scroll that I want, I'm used to baby sit to a friend of mine and I'm always adding my scroll and their scroll in these hatcheries. I would appreciate better explanations, I'm technologically challenged.

Yes, that's because the fansites do not use the option. (There was a thread with some reasons as to why they didn't, but I'm not sure what it was called, so haven't tried searching too much for it.)

 

Do you use the site http://dc.evinext.com/ ? Try it just once. After you submit your scrollname it will tell you something like this:

 

These are the eggs and hatchlings on the scroll SockPuppet Strangler. Click the checkboxes to add or remove a dragon from the nursery. Dragons with 4 days or less will be added to the low time viewer instead. They will be automatically removed when they are dead, frozen, fogged, or grown up.

 

This scroll is not secure. Click here to manage scroll security.

 

Note that small text at the bottom? Click here is clickable. Click it and try it. You will be re-directed to DC through the site and be told this information:

 

The site "TheEvina's DragHatch" (dc.evinext.com) would like to verify your identity. Please provide your username and password below.

 

Note that this is a secure operation and that TheEvina's DragHatch will not have access to any sensitive information.

 

Never enter any private information unless your browser's URL bar says "dragcave.net!"

 

After you verify your identity, draghatch will offer to you:

 

Securing your scroll will prevent eggs from being added or removed from DragHatch without your permission. The first time you try to modify your scroll on a new browser you'll have to log in to prove it's you.

 

With a choice to "Enable security on this scroll". After you enable it, you are given three choices: allow one time access from this computer, allow access from this scroll, or disable security. These protections are to help prevent anybody who isn't you from adding your dragons to the site.

 

Now, it's been suggested in the past that all fansites have API verification - anytime you wanted to add your eggs, fansites would use the API option to redirect you through DC to verify your identity before you would be allowed to add your eggs. This is NOT registering on the fansite. It's the fansite using DC's API to verify that you own the scroll you are submitting. (Draghatch is really nice now in allowing you some choice in if you want security and how you want to handle security and I wonder if this option would be acceptable to other fansites or if it still has the same original problems with it as to why they don't use it in the first place.) This suggestion is that you could set a second verification code different than your password to verify to fansites that it's you.

 

This second verification code would allow you a little more flexibility in that you could then safely give this code to a friend or scrollsitter so they could also add/remove your stuff from fansites but you wouldn't be giving away your pass so at least if something happened, they couldn't also go on and kill/release a bunch of dragons from your scroll. It may also make users feel like their privacy is a little more protected as well.

 

Hope this helps.

Edited May 26, 2014 by SockPuppet Strangler

[Corteo]

In addition to Sock's post, it also wouldn't require redirecting off of the fansite necessarily.

[HeatherMarie]

The most glaring problem I see is this: Not all hatcheries are going to want to do whatever-it-is that allows this verification process. Not all hatcheries are going to be interested in asking for passwords or verifications or whatever.

 

If *only some* hatcheries employ this method, it's useless. Because malicious viewbombers will just go to the sites that don't.

 

If *all* hatcheries are forced to either employ this verification or (have access cut off or whatever), we'll lose a LOT of very good hatcheries because they don't want to jump through hoops.

 

If I'm misreading how this would work, please help me understand.

Edited May 26, 2014 by Marie19R

[FRiv]

I've seen EATW use that before for the dragon market. It may be a good idea, but you'd have to go to the site creators instead, I think. They could implement verification if the scroll has the "(Please note that it is against the site rules to give aid to a user without their permission.)" message and no verification requirement if the user requests aid, maybe.

 

EDIT: It won't be used by all hatcheries, but except in the time of release, where there are excessive views, if the more popular hatcheries implement it, it'd give an egg a better chance. My eggs are also removed from EATW, ValleySherwood and Allure of the Neglected Dragon when I fog them, also. (It's not removed from DragHatch.) (I may have some wrong.)

Edited May 26, 2014 by FRiv

[Corteo]

The most glaring problem I see is this: Not all hatcheries are going to want to do whatever-it-is that allows this verification process. Not all hatcheries are going to be interested in asking for passwords or verifications or whatever.

 

If *only some* hatcheries employ this method, it's useless. Because malicious viewbombers will just go to the sites that don't.

 

If *all* hatcheries are forced to either employ this verification or (have access cut off or whatever), we'll lose a LOT of very good hatcheries because they don't want to jump through hoops.

 

If I'm misreading how this would work, please help me understand.

From the OP -

 

If a user has set their passcode on site, the dragons wouldn't be added on any fansite at all without it. So if sites don't change, user's won't be able to add scrolls there.

[danicast]

Thank you for the explanation, SockPuppet Strangler, I think I understood. This security code seems to be like what google did on their email, you can not login on different computers.

If I understood correctly the only way to prevent view bombers is that all hatcheries adopt the security code, all of them make the code mandatory so only the scroll owner can login and add the eggs. I think the problem will be to convince all fansites to adopt such system.

Edited May 26, 2014 by danicast

[angelicdragonpuppy]

Rather than forcing hatcheries to add more things when they're already doing a huge service for free, I'd like to see sickness healing and sickness safeguarding BSAs (probably for Whites and Guardians, respectively) implemented. I'm sure they could be fine tuned in ways that would prevent them from making sickness entirely laughable while also doing a great deal to prevent viewbombing.

Edited May 27, 2014 by angelicdragonpuppy

[Sir Barton]

Rather than forcing hatcheries to add more things when they're already doing a huge service for free, I'd like to see sickness healing and sickness safeguarding BSAs (probably for Whites and Guardians, respectively) implemented. I'm sure they could be fine tuned in ways that would prevent them from making sickness entirely laughable while also doing a great deal to prevent viewbombing.

I would prefer this as well, mainly because I think that we should be responsible for seeing to the care of our own eggs... and extra passwords are a pain in the tail. Malicious people will find away around any safeguard put in place, but if we had the ability to heal or protect built into the abilities of our own dragons, there's no way for them to overcome that.

Edited May 27, 2014 by Sir Barton

[Obscure_Trash]

Rather than forcing hatcheries to add more things when they're already doing a huge service for free, I'd like to see sickness healing and sickness safeguarding BSAs (probably for Whites and Guardians, respectively) implemented. I'm sure they could be fine tuned in ways that would prevent them from making sickness entirely laughable while also doing a great deal to prevent viewbombing.

The only thing with this is sometimes it's not getting dragon's sick that you're trying to prevent - for example, as Kage was talking about their experience in Help recently: sometimes it's just trying to prevent people from ER'ing lowtime dragons from hatching, so sickness prevention shouldn't be the only thing I focus on, though I agree multiple layers of protection is best.

 

/run-on

[angelicdragonpuppy]

The only thing with this is sometimes it's not getting dragon's sick that you're trying to prevent - for example, as Kage was talking about their experience in Help recently: sometimes it's just trying to prevent people from ER'ing lowtime dragons from hatching, so sickness prevention shouldn't be the only thing I focus on, though I agree multiple layers of protection is best.

 

/run-on

This, too, has been covered in the BSA section. I think there are a lot of great BSA ideas out there (not just view related ones, either), so I'd love to see some more added instead of, again, forcing hatcheries to do even more work for us. ;___;

 

Cure - Whites: heals sickness

Distraction - Day / Night Glories: prevents dragons from gaining views for a certain amount of time

Guard - Guardians: prevents dragons from gaining views while in teleport

Protect - Guardians: stops a dragon from gaining views when it's close to becoming sick

Cloud Cover - Grays: allows fogged dragons to be traded

 

And these were just a few I spotted quickly. BSAs need more love!

Edited May 27, 2014 by angelicdragonpuppy

[cyradis4]

Couple of things.

 

1. How on earth would this stop view-bombing?

Reasoning:

All it takes is one viewbomber putting eggs in the signature of one very active forum and bye-bye eggs. So, still dead eggs. Same for a "helper".

 

2. There's already API verification that isn't used. How would this be any different?

Reasoning:

Other than Evina's, fansites don't use the existing API verification. How would this get around that? Would this check box tell the API to tell fansites that the egg doesn't exist except when the extra code is supplied?

 

3. Why would fansites that already don't use the existing API verification add the ability to check this extra code? What's in it for them?

Reasoning: They are free sites, and do not run off of ad revenue. They don't make money off of being used. So why would they care that some users are going elsewhere?

 

I'm just not seeing how this is different from the existing (and unused) API verification.

 

C4.

 

ETA: I agree with ADP: the solution is to add a BSA that prevents dragons from gaining any views, period, while protected. That prevents all types of viewbombing and "help" without putting extra effort onto the fansites.

Edited May 27, 2014 by cyradis4

[_Sin_]

Maybe will not stop view-bombing but... one of the principles of Risk Management is that you can't really remove a risk, just reduce it. This proposal should get rid of some of the easiest ways to view-bomb.

[Lythiaren]

I actually made a suggestion very very similar to this in the past (only difference: auto-activates for scrolls with assist turned off). TJ shot it down himself, because fansites that don't use the API Login feature already (which is most of them) aren't likely to use this sort of thing either.

 

It's a shame, though it's also important to remember that any egg is always at risk of viewbombing. All the person needs is the code and a high-traffic site, both of which can be obtained with ease. Some fansites don't even need a scroll name to enter things; notably, many high-traffic ERs will take just the code in case it's cutting really, really close.

Edited May 27, 2014 by Lythiaren