Hidden Scroll/Growing Creatures Require Sign in using API

[Naraku]

Here's the revised suggestion:

 

If the API detects the scroll is hidden in some way (growing creatures or scroll, or perhaps even both), it prompts the user to log in through DC API, instead of giving the error 404 scroll not found. Fogged creatures still do not bypass this. Fan site owners don't have to adjust their sites to accommodate this change (TJ can correct me if I'm wrong).

 

Since hiding growing creatures will work well with this suggestion, here is the hiding only the growing creatures suggestion. It will be great to implement both, so the adults/frozen creatures can still be displayed on scrolls instead of being hidden altogether.

__________________________________________________________

Original OP below:

Disclaimer: I don't know how everything works with API so if this would mess things up with the rest of hatchery experience... this can be closed I guess. ¯\_(ツ)_/¯

So currently users are experiencing constant (reverse) viewbombing. I don't like hiding my scroll but apparently I have to resort to this if I don't want my scroll keep being removed from/added to hatcheries by somebody that's probably not even human.

 

Yes, this means having to sign in every time users want to access API. It's not a huge inconvenience, and I would prefer that over having my scroll removed from/added to hatcheries.

Edited September 12, 2019 by Naraku
revision and minor rewording

[The Dragoness]

So similar to how The Evina's Draghatch runs? It would be great if players could sign in and "lock" their scrolls to prevent viewbombing--without actually hiding their scrolls. However, there are still some older hatcheries that allow you to enter dragons via code. I wonder what would happen to those sites? I imagine that some people would not be too happy about the extra step as well. I would love to finally unhide my scroll, but that's just me.

 

I'm not sure if this particular method of adjusting the API is possible, but I 100% support the larger hatcheries requiring login.

Edited August 29, 2019 by The Dragoness

[Naraku]

Yep, similar to The Evina's Draghatch. I knew I was forgetting something, the codes. Yeah adding just codes is not as efficient as just adding the entire scroll in one click.

Edited August 29, 2019 by Naraku

[cyradis4]

The number 1 problem with this idea is, if I wanted to kill an egg.... I wouldn't use a hatchery. In fact, when I'm doing Zombies and kill-bombing my own hatchies.... I don't use hatcheries. I use high view forums. 

 

And an API login won't change that one bit. 

 

So no, can't support this. It would create all kinds of problems for hatchery owners, it won't work against kill-bombing, and there's plenty of time to catch remove-bombing. 

 

Cheers!
C4. 

[Fuzzbucket]

I'm with Cyradis here. I've been reverse bombed a few times, but usually that's not the issue bombing is. To kill or  blitz an egg I don't use hatcheries either. There are endless ways for the cunning to subvert anything, and the hassle of this isn't worth it.

[Ruby Eyes]

I would like if all hatcheries at least OFFERED me to secure my scroll the way I can do it on Evina's ...

[olympe]

Well, there is a very easy way to secure your scroll from being entered anywhere - although I never tried it the other way round. It's called "hiding" it...

[Ruby Eyes]

11 hours ago, olympe said:

Well, there is a very easy way to secure your scroll from being entered anywhere - although I never tried it the other way round. It's called "hiding" it...

That's not VERY EASY, it is VERY ANNOYING and should NOT be necessary if fansites were just USING what is GIVEN to them.

 

I do note that it is NOT HIDDEN from me that you come up with the same dismissive suggestion EVERY TIME I'm asking for a simple OPTION to be added to fansites. I've been playing this game for over 10 years. You can stop with that rubbish now.

Edited August 30, 2019 by Ruby Eyes

[Sazandora]

11 hours ago, olympe said:

Well, there is a very easy way to secure your scroll from being entered anywhere - although I never tried it the other way round. It's called "hiding" it...

It's real easy for you to just say "LOL, just hide your scroll to avoid viewbombing! :^)", but do you realize how obnoxious it is to be forced to unhide your scroll every time you want to add something to the hatcheries, and then re-hide it immediately afterwards? Plus what if you wanted to show off your scroll to others? Can't do that when you have to keep it hidden from those malicious viewbombers.

 

Having said that, I'm not sure what to think of this suggestion. On one hand I kinda like it, but on the other hand I have to admit I'm not sure if it really is all that useful. Clearly something has to be done to prevent viewbombing, so that people could feel secure enough to keep their scrolls visible and not have to fog every single one of their critters so that some idiots who have nothing better to do with their lives couldn't kill them by abusing game mechanics. But seeing what @cyradis4 pointed out, I'm not so sure on what this suggestion could really do.

[Chaosdawn]

On 8/28/2019 at 9:57 PM, cyradis4 said:

The number 1 problem with this idea is, if I wanted to kill an egg.... I wouldn't use a hatchery. In fact, when I'm doing Zombies and kill-bombing my own hatchies.... I don't use hatcheries. I use high view forums. 

 

And an API login won't change that one bit. 

 

So no, can't support this. It would create all kinds of problems for hatchery owners, it won't work against kill-bombing, and there's plenty of time to catch remove-bombing. 

 

Cheers!
C4. 

 

On 8/29/2019 at 3:22 AM, Fuzzbucket said:

I'm with Cyradis here. I've been reverse bombed a few times, but usually that's not the issue bombing is. To kill or  blitz an egg I don't use hatcheries either. There are endless ways for the cunning to subvert anything, and the hassle of this isn't worth it.

 

I'm curious which high view forums you use for zombies. I'm going to be starting to try to make zombies. 

[Shadowdrake]

This would easily subvert casual viewbombers though. Do you naysayers really think that the common upset player or troll is going to make such an effort to post on other forums to make someone mad? Sure, if they genuinely hated you they might do this or that other action to try to actually kill your things, but I can't imagine the drive by bombers who hit new release threads or trade hub would really type in image code links or all the individual eggs to post on other websites when it's a lot easier to just copy paste a username in a couple hatcheries and repeat. At the least it would stop making hatcheries a readily-available tool of harassment for anyone who acts on their urge of spite.

[Fuzzbucket]

Thing is that determined types like the group who murdered EATW will always find a way,and it won't need existing fan sites. So whatever one thinks about hiding a scroll, it will always be needed until the day we get to hide growing things in the same way we can hide adults. THAT is what would help most. What most of us want to show off is our adults, and what most of us are ok hiding is our babies. Please, TJ?

 

@Chaosdawn you don't need views for zombies, only for neglecting.

[purplehaze]

Making the fansites jump through hoops to prevent a problem that is not their fault just seems like the wrong approach.

[Ruby Eyes]

It's not really "jumping through hoops", it's simply using a feature that the API has offered for years already.

Call the API, read the response, store in database, set a cookie.

Except setting a cookie, this is what any fansite does already anyway. Setting a cookie is what the majority of websites do - why should it be such a hassle for a DC fansite owner?!

[Fuzzbucket]

My view is that we are lucky to have fan sites, and if I ran one I might be less than thrilled to have to add hoops.

 

Surely hiding growing things would solve everything but the determined saboteur,who will get past anything anyway.

[olympe]

6 hours ago, Ruby Eyes said:

That's not VERY EASY, it is VERY ANNOYING and should NOT be necessary if fansites were just USING what is GIVEN to them.

 

I do note that it is NOT HIDDEN from me that you come up with the same dismissive suggestion EVERY TIME I'm asking for a simple OPTION to be added to fansites. I've been playing this game for over 10 years. You can stop with that rubbish now.

Well, there are some problems with the log-into hatcheries scenario you seem to favor.

 

If this ever became true, you'd have to enter your password every single time you wanted to add or remove your scroll to/from a hatchery. This password would then have to be verified with DC, which means you'd have to wait. Since most players use more than just one hatchery, this means that you'd have to go through this process more than once.

 

In other words: That's not VERY EASY either, but VERY ANNOYING and should NOT be necessary for people who DON'T NEED it. And there's no need to be rude about me not conforming my opinion to suit your sensibilities. I could just as much claim that it's not been hidden from me that you always support this - often refuted - suggestion that adds no real benefit if you think it through carefully. Because...

 

• If you really want this password confirmation thing to be optional, you'd have to stay on top of every new fansite that comes online and preemptively "secure" your scroll there.
  • If all sites requesting access to DCs API would need to confirm the password, all non-fansites (like Yarrold's or other click-exchange sites, high-traffic forums and the like) would be unusable for raising dragons.
  • If, on the other hand, the password verification only applies to fansites - guess what? These non-fansites could still be used to kill your eggs. In other words: The only benefit of password verification is that you cannot be reverse-bombed.
• Effort wouldn't be less than for hiding/unhiding your scroll. Not to mention that you can keep your scroll unhidden while you're actively hunting or otherwise able to keep an eye on it.

Also, some TJ quotes from similar threads:

On 12/3/2018 at 3:24 AM, TJ09 said:

The idea I've tossed around is to make the API login feature able to load hidden accounts. Right now, the API has access to the same information people do, so if you hide your scroll hatcheries can't see anything about it. This is both good (others can't add your eggs somewhere) and bad (see above: you can't add your eggs).

As a little clarification on above statement:

On 12/3/2018 at 3:28 AM, TJ09 said:

Hatcheries that don't support login wouldn't be able to access hidden accounts, no. But that doesn't really bother me, since I'm of the opinion that all hatcheries should use the login feature instead of having an unverified text box.

 

This way, I'd honestly be okay with it. Because it wouldn't affect people who don't want to be affected, yet allows people to use this without having to watch for new fansites like a hawk. The only thing I'd like to see added is the account setting to "hide growing things" on your scroll so you can still show off your adults, and that that setting has the same effect as outlined by TJ above. Because that would suit pretty much everyone:

• Those who want to secure their scroll even if they want to be able to show off their adults/frozens.
• Those who don't want to be affected at all.
• Those who want to secure their scrolls temporarily (depending on whether they're under attack or not).
• It'd also be a safeguard against the use of other sites (forums, click-exchange sites...) since you cannot add what you cannot see.

[Ruby Eyes]

3 minutes ago, olympe said:

If this ever became true, you'd have to enter your password every single time you wanted to add or remove your scroll to/from a hatchery.

You do not. Inform yourself first.

Evina sets a very nice example, by simply setting a cookie. I only have to log in through the API once every 2 weeks (or if I clear my cookies for whatever reason).

[olympe]

Just to add to your very complete information:

4 minutes ago, Ruby Eyes said:

You do not. Inform yourself first.

Evina sets a very nice example, by simply setting a cookie. I only have to log in through the API once every 2 weeks (or if I clear my cookies for whatever reason).

That is if you keep your cookies, which not everyone does for security reasons. Also, some public places (like libraries) routinely delete cookies every time you log out or close the browser. I've seen both. 

 

[purpledragonclaw]

Please don't attack each other when discussing this suggestion, it's not adding to the discussion. 

[Nightwalkerkey]

I may be misunderstanding, but I do not want more steps to entering my scroll somewhere. Simply type it in, enter, add, done. No logging in or using passwords or hiding/unhiding for me.

Personally I don't see hiding your scroll as that big of an inconvenience and it only impacts you, where making every user log in when only a small percentage of users get attacked, seems odd to me.

Edited August 30, 2019 by Nightwalkerkey

[Naraku]

Current method: Access account setting, uncheck hide scroll, enter password(!) and confirm, add to/remove from multiple hatcheries (in my case, this is repeated 3 times), go back to account setting, check hide scroll, enter password and confirm. Optional: pray that somebody didn't manage to sabotage while you're doing that.

... and all that is repeated every time I obtain something new from AP, trading hub, etc. It quickly becomes a hassle.

Proposed method: Go to hatcheries, sign in through API for each, add/remove, done.

No hiding necessary. Don't forget that password autofill is a thing.

 

I would like to point out that I don't like hiding my entire scroll just to stop malicious people. I want it to be visible to anyone who wants to look through my scroll.

[Fuzzbucket]

Please can we just have hide growing things. Does it all.

[VixenDra]

3 hours ago, Naraku said:

Proposed method: Go to hatcheries, sign in through API for each, add/remove, done.

No hiding necessary. Don't forget that password autofill is a thing.

No, the proposed method, using the detail level of your description of the current on-scroll method, is:

go to hatcheries page(or have your browser clogged with individual hatcheries). access the 1st, enter login, enter password(!) and confirm, wait for the site to login, type/paste your scroll name, click add/remove, access the 2nd, enter login, enter password(!) and confirm, wait for the site to login, type/paste your scroll name, click add/remove. repeat again for 3rd, 4th, 5th...

(well, it's not that rare for me to mass add my ER stuff, because hatheries take way too long to hatch ERS! In your case THIS is what would be repeated 3 times - because when hiding/unhiding scroll, you do it for ALL hatcheries, no matter if you use 1 or 20...). the API login only doubles the work. THIS is where: "all that is repeated every time I obtain something new from AP, trading hub, etc. It quickly becomes a hassle." comes in.
I never use login-requiring hatcheries FOR A REASON. I just don't bother the extra hassle.

And good luck using the password autofill on a public device or with untrustworthy flatmates/guests around... It's not a good idea to promote unsafe behaviours, even if you can afford using them yourself. (And then we have the people who cry that someone else released/unnamed/did whathever with their dragon/s - because they didn't take into acount that THEY shouldn't use the unsafe time/hassle savers)

 

4 hours ago, Naraku said:

Current method: [...] Optional: pray that somebody didn't manage to sabotage while you're doing that.

Yeah, "pray" - because the offenders have no other scrolls to target and just sit there 24/7 refreshing your scroll every minute - if anyone can pray in your example, it's the viebombers praying to catch your very scroll in the very narrow visibility window... and IF you're a target due to having caught an egg they wanted, they will viewbomb it anyway, unless you hide the very egg - not the scroll (clue: they have your egg's code and don't rely on DC hatcheries:v).

 

 

On 8/29/2019 at 3:57 AM, cyradis4 said:

The number 1 problem with this idea is, if I wanted to kill an egg.... I wouldn't use a hatchery. In fact, when I'm doing Zombies and kill-bombing my own hatchies.... I don't use hatcheries. I use high view forums. 

 

And an API login won't change that one bit. 

 

So no, can't support this. It would create all kinds of problems for hatchery owners, it won't work against kill-bombing, and there's plenty of time to catch remove-bombing. 

 

Cheers!
C4. 

Glad to see the community finally realised this.

 

I wouldn't mind if users had an OPTION to lock their scrolls to API... but since TJ was always reluctant to optional functions... Well, I'm simply against being affected, especially by a thing that will NOT fix anything.

[Wymsical]

19 minutes ago, VixenDra said:

No, the proposed method, using the detail level of your description of the current on-scroll method, is:

go to hatcheries page(or have your browser clogged with individual hatcheries). access the 1st, enter login, enter password(!) and confirm, wait for the site to login, type/paste your scroll name, click add/remove, access the 2nd, enter login, enter password(!) and confirm, wait for the site to login, type/paste your scroll name, click add/remove. repeat again for 3rd, 4th, 5th...

(well, it's not that rare for me to mass add my ER stuff, because hatheries take way too long to hatch ERS! In your case THIS is what would be repeated 3 times - because when hiding/unhiding scroll, you do it for ALL hatcheries, no matter if you use 1 or 20...). the API login only doubles the work. THIS is where: "all that is repeated every time I obtain something new from AP, trading hub, etc. It quickly becomes a hassle." comes in.

What Naraku explained is that logging in through the API wouldn't need you to then state your scroll's name a second time, as signing in through the API already confirms your scroll name and that you are the owner of said scroll. Upon this confirmation it would then grab and display your growing dragons on the fansite. An example of logging in through the API fetching information can be found on DC Records site where this exact behaviour explained is displayed.

[olympe]

3 hours ago, Commander Wymsy said:

What Naraku explained is that logging in through the API wouldn't need you to then state your scroll's name a second time, as signing in through the API already confirms your scroll name and that you are the owner of said scroll. Upon this confirmation it would then grab and display your growing dragons on the fansite. An example of logging in through the API fetching information can be found on DC Records site where this exact behaviour explained is displayed.

That's still one extra step for every hatchery you use, every time you use it. Not to mention that, while this definitely helps with reverse viewbombing, it doesn't help with the original problem of viewbombing at all. Not to mention that it's probably only a small number of players who're affected by reverse viewbombing, while this "fix" would affect everyone.

 

I'm still of the opinion that there's a much better way to deal with this that's both optional (opt-in) and safe for both normal and reverse viewbombing.

• We need a feature to "hide growing things on scroll" in our account settings, just like we can already do with adults. This allows us to effectively protect the sensitive things on our scroll while still showing off everything else.
• Right now, hatcheries can't access accounts that are hidden. Why not implement an exception that a hatchery can access hidden things (like hidden eggs/hatchlings) from accounts with a sign-in on DC? This way, you verified that you're actually the owner of your scroll and get some special permission. Effect:
  • You can hide your growing things (via account settings), keep that setting and use a hatchery with log-in to still hatch our stuff.
  • You are normally opted out of this feature (unless you activate it), so you don't get affected if you don't want to.
  • If you use this, your growing things are 90% safe from viewbombing and 100% safe from reverse viewbombing. (Viewbombing still works with individual codes and either high-traffic forums or click-exchange sites. However, the only way to access the individual codes of *your* eggs are if you snatched them from the site and someone else tried for it, too. Or if you got the egg from a trade. However, eggs/hatchlings cannot be seen from your scroll without login.)
  • Not to mention that, if you use "hide growing things on scroll" instead of "hide scroll", you can always show off your scrolls while still keeping your little ones safe.
  • It also allows hatchery owners to add the login-for-hidden-things feature at their leisure, instead of shutting down all hatcheries unless their owners comply with the new policy.
  • It'd be an almost-perfect alternative to fogging (once you're sure your egg hasn't been targeted) to keep things safe, but with way less hassle (fogging up to 24 things separately) and while also allowing you to let them grow up.

 

So, yes, this is why I don't support an enforced login for all hatcheries, but want something better. Because it serves more purposes and more people in the best way possible.

Edited August 31, 2019 by olympe