[azxten]

Quote:

Originally Posted by Soothsayer [You must be logged in to view images. Log in or Register.]

If you have nothing to hide, why worry about privacy? Even if we assume that some kind of spyware is in fact being used to monitor windows, itÂ’s not an issue unless you assume that someone cares about the YouTube videos youÂ’re watching or the random news articles youÂ’re reading, et cetera et cetera. Spoiler alert, nobody cares.

Quote:

Edward Snowden remarked "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."[9] He considered claiming nothing to hide as giving up the right of privacy which the government has to protect.

Daniel J. Solove stated in an article for The Chronicle of Higher Education that he opposes the argument. He believed that a government can leak information about a person and cause damage to that person, or use information about a person to deny access to services, even if a person did not actually engage in wrongdoing. A government can cause damage to one's personal life through making errors.[3] Solove wrote "When engaged directly, the nothing-to-hide argument can ensnare, for it forces the debate to focus on its narrow understanding of privacy. But when confronted with the plurality of privacy problems implicated by government data collection and use beyond surveillance and disclosure, the nothing-to-hide argument, in the end, has nothing to say."

Adam D. Moore, author of Privacy Rights: Moral and Legal Foundations, argued, "it is the view that rights are resistant to cost/benefit or consequentialist sort of arguments. Here we are rejecting the view that privacy interests are the sorts of things that can be traded for security."[10] He also stated that surveillance can disproportionately affect certain groups in society based on appearance, ethnicity, sexuality, and religion.

Bruce Schneier, a computer security expert and cryptographer, expressed opposition, citing Cardinal Richelieu's statement, "Give me six lines written by the hand of the most honest man, I'll find enough to hang him," referring to how a state government can find aspects in a person's life in order to prosecute or blackmail that individual.[11] Schneier also argued that the actual choice is between "liberty versus control" instead of "security versus privacy".[11]

Harvey A. Silverglate estimated that the common person, on average, unknowingly commits three felonies a day in the US.[12]

Emilio Mordini, philosopher and psychoanalyst, argued that the "nothing to hide" argument is inherently paradoxical. People do not need to have "something to hide" in order to hide "something". What is hidden is not necessarily relevant, claims Mordini. Instead, he argues an intimate area which can be both hidden and access-restricted is necessary since, psychologically speaking, we become individuals through the discovery that we could hide something to others.[13]

Julian Assange agreed with Jacob Appelbaum and stated that "Mass surveillance is a mass structural change. When society goes bad, it's going to take you with it, even if you are the blandest person on earth."[14]

Ignacio Cofone, a law professor, argued that the argument is mistaken in its own terms because, whenever people disclose relevant information to others, they also disclose irrelevant information. This irrelevant information has privacy costs and can lead to other harms, such as discrimination.[15]

In refutation of the argument, the Indian Supreme Court has found that the right to privacy is a fundamental right of Indian citizens.[citation needed]

Anyway...

Personally I think they should have a statement about this functionality, require people to agree to it when creating an account, and this statement should explain how that personal information is being handled. I was curious so read a bit of GDPR to see how it would apply to P99 but as far as I can tell P99 isn't a business. It's an entity which under GDPR entities are only required to comply if they are based in the EU. One thing I found that is interesting was some laws have defined protected personal information as also being aggregate non-identifying personal information if collected on more than 1000 different entities. From a project perspective what is being done is in fact risky because there is a very remote chance that someone's computer is named "bobsmithat123stidaho" and let's say they have a peculiar taste in porn and a staff member has this data from window titles and puts it out there. That person begins to have standing to sue and with actual damages. The data could be obtained by a malicious actor for example it doesn't have to be the staff intentionally using it for bad reasons. In this case P99 would almost definitely be in big trouble. No one agreed to this, they didn't disclose it officially, in this instance it was enough information to identify an individual, and it caused damages. Totally remote never going to happen kind of thing but in reality these things happen sometimes.

Of course these concepts are alien to most people. The risk is on the staff and it's their decision. I see little downside though. It's funny people would actively resist the idea that someone collecting personal information without your consent probably should stop doing that. Rogean said, "If you think what we're doing is bad you should see the other anti-cheat systems" referring to things like EAC and so on. The problem with that is those run with user consent via an agreement obtained duration installation. No such agreement exists for P99 regarding their data collection or usage.

Why resist doing this? It seems immature to me but my mindset is very corporate and seeks to avoid unnecessary risks. My perception is there is concern that if this was disclosed it would threaten growth, weaken the protection, or it's "hard" to implement properly since P99 logins are tied into EQEmu. You can make an EQEmu account without agreeing to anything from P99. The license.txt file has a disclaimer about this but the problem is you don't have to agree to this to play on P99. It's like if you signed up for a Facebook account and after you were already logged in and using the product they E-mailed you a list of rules and described how they're harvesting your personal data. That won't hold up in court.

Oh also since staff has commented on this they're now "knowingly" doing what they're doing in spite of people bringing these issues to their attention. Not even trying to be a dick I'd fix this up if I was in charge and this is how it is. Of course they could be comparing window titles on the client side and only sending a detection flag. Your computer name could be a one way hash for purposes of detecting boxing. There are a lot of assumptions about what is actually collected but then this gets into privacy laws about "processing" personal information as well.