
aberrant
Deviant One
join:2002-01-10
San Francisco, CA

aberrant to CylonRed

Member

to CylonRed

Re: Even Balance (PUNKBUSTER) Problems

said by CylonRed:
Their EULA is no different from any other software company's EULA...

Actually, it is very different from other EULAs. Have you seen it? It basically says, "We reserve the right to access any information on your computer at any time, and also reserve the right to take screenshots at any time." I generally skim EULAs, but after downloading America's Army and seeing that, I erased the entire thing from my machine and will not play any game that requires PB.

Even Balance says PB's not spyware. Why would they say otherwise?

CylonRed
MVM
join:2000-07-06
Bloom County
·Metronet

CylonRed

MVM

said by aberrant:
said by CylonRed:
Their EULA is no different from any other software company's EULA...

Actually, it is very different from other EULAs. Have you seen it? It basically says, "We reserve the right to access any information on your computer at any time, and also reserve the right to take screenshots at any time." I generally skim EULAs, but after downloading America's Army and seeing that, I erased the entire thing from my machine and will not play any game that requires PB.

Even Balance says PB's not spyware. Why would they say otherwise?

Yep - I read it - I have also read MS's and they are suspiciously similar. In fact MS got busted once for scanning hard drives for illegal software when a person went to the MS update site. It was ALL perfectly legal to do so. They supposedly stopped doing it after it got out (or so they said) but their EULA gives them the right to do so since it is their software and they reserve the right to make you pay for something you did not pay for.

aberrant
Deviant One
join:2002-01-10
San Francisco, CA

aberrant

Member

said by CylonRed:
said by aberrant:
said by CylonRed:
Their EULA is no different from any other software company's EULA...

Actually, it is very different from other EULAs. Have you seen it?
Yep - I read it - I have also read MS's and they are suspiciously similar. In fact MS got busted once for scanning hard drives for illegal software when a person went to the MS update site. It was ALL perfectly legal to do so. They supposedly stopped doing it after it got out (or so they said) but their EULA gives them the right to do so since it is their software and they reserve the right to make you pay for something you did not pay for.

Unfortunately, the reality is that most folks must trust Microsoft more than they need to trust Even Balance. MS owns the operating system and can put any malware it wants into the OS. You're trusting them not to do it. If you don't trust them, then you shouldn't run the OS -- and that limits what you can do in a lot of cases.

(This assumes that you're correct in your analysis of the EULAs. I don't recall ever seeing a MS EULA say that they have the right to access any file on your machine at any time, but I could be wrong.)

PB is different, IMO. Why should I be forced (via agreement to the EULA) to trust a company to behave nicely with the contents of my system just to play a GAME? It's not worth it to me, and frankly, I can't see how it would be worth it to anyone who stores any sensitive data on his/her machine.

Now, you can argue that you extend that trust to any software you place on your machine. That's true. However, in my mind, there's a big difference between granting the explicit right to do something (via the EULA in PB's -- and possibly MS's -- case) and trusting that the product won't do anything malicious (which is the case with other software with less restrictive EULAs). It's a hard sell to say, "Well, I agreed to PB's terms but I never thought they'd grab my bank information!" but it's easy to say, "I never agreed to let product X access any of my files, and nowhere did they say they were going to grab my bank information." In one case, there's a disclaimer of liability for this particular purpose, and in the other, my guess is that the company would be sued out of existence pretty darn quickly.

Are you willing to sign confidentiality rights to your entire machine over a game? If so, running PB shouldn't be an issue for you. If you've got a problem with doing so, however, you should rethink your use of PB under the current EULA, and perhaps pressure them to specifically state what they're allowed to access, and under what circumstances they're allowed to access it.
Anon
Anon

Anon

Anon

said by aberrant:
said by CylonRed:
said by aberrant:
said by CylonRed:
Their EULA is no different from any other software company's EULA...

Actually, it is very different from other EULAs. Have you seen it?
Yep - I read it - I have also read MS's and they are suspiciously similar. In fact MS got busted once for scanning hard drives for illegal software when a person went to the MS update site. It was ALL perfectly legal to do so. They supposedly stopped doing it after it got out (or so they said) but their EULA gives them the right to do so since it is their software and they reserve the right to make you pay for something you did not pay for.

Unfortunately, the reality is that most folks must trust Microsoft more than they need to trust Even Balance. MS owns the operating system and can put any malware it wants into the OS. You're trusting them not to do it. If you don't trust them, then you shouldn't run the OS -- and that limits what you can do in a lot of cases.

(This assumes that you're correct in your analysis of the EULAs. I don't recall ever seeing a MS EULA say that they have the right to access any file on your machine at any time, but I could be wrong.)

PB is different, IMO. Why should I be forced (via agreement to the EULA) to trust a company to behave nicely with the contents of my system just to play a GAME? It's not worth it to me, and frankly, I can't see how it would be worth it to anyone who stores any sensitive data on his/her machine.

Now, you can argue that you extend that trust to any software you place on your machine. That's true. However, in my mind, there's a big difference between granting the explicit right to do something (via the EULA in PB's -- and possibly MS's -- case) and trusting that the product won't do anything malicious (which is the case with other software with less restrictive EULAs). It's a hard sell to say, "Well, I agreed to PB's terms but I never thought they'd grab my bank information!" but it's easy to say, "I never agreed to let product X access any of my files, and nowhere did they say they were going to grab my bank information." In one case, there's a disclaimer of liability for this particular purpose, and in the other, my guess is that the company would be sued out of existence pretty darn quickly.

Are you willing to sign confidentiality rights to your entire machine over a game? If so, running PB shouldn't be an issue for you. If you've got a problem with doing so, however, you should rethink your use of PB under the current EULA, and perhaps pressure them to specifically state what they're allowed to access, and under what circumstances they're allowed to access it.

Dude, PB is a great tool for stopping cheating monkeys. He got caught, that's what it has to do: you get caught, you get banned. So normal players don't have to put up with your hacking and can enjoy the game. I've run PB since Counter-Strike 1.5 days. All my buddies run it. Whole LAN party (50 computers) runs it 24/7 for Battlefield and CS; guess what, no one got banned because no one cheated. If you don't want to install it, play on non-PB servers. It's NOT your right to play on PB servers. YOU don't own any servers. SERVER ADMINS choose what they want to run. If you DON'T agree with that, START YOUR OWN server and choose wtf you want to run on it. End of story. Don't do the crime if you can't do the time. Same bs with Valve's protection: stupid kids cheat and when they get busted they cry to Valve and on forums how they NEVER NEVER hacked. Please, we heard it all before and we are glad you're banned, less annoying hackers on servers.

CylonRed
MVM
join:2000-07-06
Bloom County
·Metronet

CylonRed to aberrant

MVM

to aberrant
Do I even think PB would look at my files (other than to see the name of the file) NO - I don't. It would be FAR too costly for them to do this and FAR too easy to track it to them. They would lose their entire business if they did and hence a deterrent in and of itself where MS has no such deterrent.

MS determines for you where you can install the OS, how many times, and on what media is acceptable as a backup (to have a backup of the OS disk) and this is just the tip of the iceberg for them...

Since I play AA I don't mind them - it is either that or the majority of the people would be playing with hacks and that is something I can do without. And the same could be said for all online games and face it - online games make game manufacturers money so they will pair up with companies that do this type of service.

If a company could come up with a way to spot cheats on a client.... They would make a ton and it is also pretty much impossible without scanning the hard drive for known file names.

Only other thing is to not buy or update the game. As I said before - if people didn't buy it the game manufacturers would get the hint pretty fast if enough do it. I highly doubt the majority of the gamers would do this and I for one would stop playing online games if there was no way to nail cheaters (since I do not do it myself).

aberrant
Deviant One
join:2002-01-10
San Francisco, CA

1 recommendation

aberrant to

Member

to
said by :
Dude, PB is a great tool for stopping cheating monkeys. He got caught, that's what it has to do: you get caught, you get banned. So normal players don't have to put up with your hacking and can enjoy the game. I've run PB since Counter-Strike 1.5 days. All my buddies run it. Whole LAN party (50 computers) runs it 24/7 for Battlefield and CS; guess what, no one got banned because no one cheated. If you don't want to install it, play on non-PB servers. It's NOT your right to play on PB servers. YOU don't own any servers. SERVER ADMINS choose what they want to run. If you DON'T agree with that, START YOUR OWN server and choose wtf you want to run on it. End of story. Don't do the crime if you can't do the time. Same bs with Valve's protection: stupid kids cheat and when they get busted they cry to Valve and on forums how they NEVER NEVER hacked. Please, we heard it all before and we are glad you're banned, less annoying hackers on servers.

Nice rant. Did you even read what I was saying? Note: I've never been banned from any game because I refuse to install punkbuster in the first place due to their overbroad EULA. If it doesn't bother you that they have access to any of your files at any time, then go ahead and use it. Just as nobody's stopping me from NOT using it, nobody's stopping you from deciding the risk is worth it.

As soon as playing a game is more important than the loss of confidentiality on my system, I'll re-evaluate my decision not to allow PB on my machine.

In the meantime, I suggest you re-read what I posted, and you'll find that your previous post makes no sense as a reply to anything I wrote.
aberrant

aberrant to CylonRed

Member

to CylonRed
said by CylonRed:
Do I even think PB would look at my files (other than to see the name of the file) NO - I don't. It would be FAR too costly for them to do this and FAR too easy to track it to them. They would lose their entire business if they did and hence a deterrent in and of itself where MS has no such deterrent.

I'd like to make three points about this:

1) It might be costly in terms of PR for them to do it, but you gave them permission to do so when you agreed to their EULA, so you'd have limited legal recourse if they decided to sell your info to the highest bidder. It's hard to get the privacy cat back in the bag once it's escaped... and there are cases where formerly-legitimate operations have done exactly this when the alternative is bankruptcy, government pressure to obtain information, or other duress.

2) Whether or not it's detectable is also debatable -- if you don't know how they're doing it, you don't know what to look for. AFAIK, PB is closed-source, so you don't really know how they're doing it except by observing detectable behavior, which by definition doesn't include undetectable behavior.

3) You're extending your trust not only to EB as a company, but to every employee and vendor to which EB grants access to its PB servers. Are you familiar with their employee hiring process, or vendor selection? If so, do you trust it not to allow a malicious actor legitimate access to your resources?

Again, it's your decision whether the risk is worth it. I'm not telling you what's bad or good, I'm just describing what is.

CylonRed
MVM
join:2000-07-06
Bloom County
·Metronet

CylonRed

MVM

1) Yep - I accepted the EULA - nuff said.

2) PB doesn't need to be closed source for me to know. I run things so that there can only be one or 2 ways for anyone to get the info. I also do not store passwords to financial institutions on my PC, I do not have credit card numbers on my PC (or even SS#), and only part of my savings/checking account # is in Quicken - the rest would have to be guesses as well as my pin.

3) I have yet to find a problem with their hiring. It is something that I have to deal with daily in all aspects. The question can be extended to the following:

Do you trust your bank's tellers?
Do you trust your bank's proof encoding department (they help clear all checks)?
Do you trust your stock broker?
Do you trust your waiter/waitress?
Do you trust your utility companies (if you pay by CC or even check)?
Do you trust your store cashier?
Do you trust your online store?

I think anyone gets the idea - you are not in charge in ANY of the hiring in ANY of these instances and you have to have some trust to the same info - if not worse info like Debit card # (potentially more dangerous than knowing the CC #).
Anon
Anon

Anon to aberrant

Anon

to aberrant
said by aberrant:
said by :
Dude, PB is a great tool for stopping cheating monkeys. He got caught, that's what it has to do: you get caught, you get banned. So normal players don't have to put up with your hacking and can enjoy the game. I've run PB since Counter-Strike 1.5 days. All my buddies run it. Whole LAN party (50 computers) runs it 24/7 for Battlefield and CS; guess what, no one got banned because no one cheated. If you don't want to install it, play on non-PB servers. It's NOT your right to play on PB servers. YOU don't own any servers. SERVER ADMINS choose what they want to run. If you DON'T agree with that, START YOUR OWN server and choose wtf you want to run on it. End of story. Don't do the crime if you can't do the time. Same bs with Valve's protection: stupid kids cheat and when they get busted they cry to Valve and on forums how they NEVER NEVER hacked. Please, we heard it all before and we are glad you're banned, less annoying hackers on servers.

Nice rant. Did you even read what I was saying? Note: I've never been banned from any game because I refuse to install punkbuster in the first place due to their overbroad EULA. If it doesn't bother you that they have access to any of your files at any time, then go ahead and use it. Just as nobody's stopping me from NOT using it, nobody's stopping you from deciding the risk is worth it.

As soon as playing a game is more important than the loss of confidentiality on my system, I'll re-evaluate my decision not to allow PB on my machine.

In the meantime, I suggest you re-read what I posted, and you'll find that your previous post makes no sense as a reply to anything I wrote.

Ok? I wasn't even replying to you. But no one is forcing you to use PB. Don't want to install it? We don't want you to play with us. Simple?

Cig_R
@216.116.x.x

Cig_R

Anon

You say that you play games for the mere enjoyment; however, this whole charade that you're embarking upon indicates that it's more than just pure entertainment value.

You said that EB needs to change their EULA. Did you stop to think that many companies' EULAs contain the same (if not, similar) stipulations prior to using their product? So who are you planning on attacking next? Microsoft, perhaps?

One thing you fail to realize is that you ARE NOT an EB customer. Did you buy something from EB? I would have to say "NO". You purchased a product made available by EA. EA, along with many other respectable companies, simply integrated this FREE solution into their products. EB does NOT have to treat you fairly, as they aren't the ones DIRECTLY offering this FREE product. Now if EA treated you unjustly, which OBVIOUSLY was NOT the case, then I WOULD SUPPORT YOU whole-heartedly in your efforts. Once again, you ARE NOT an EB customer, but rather an EA customer.
Anon
Anon

Anon

Anon

said by Cig_R:
You say that you play games for the mere enjoyment; however, this whole charade that you're embarking upon indicates that it's more than just pure entertainment value.

You said that EB needs to change their EULA. Did you stop to think that many companies' EULAs contain the same (if not, similar) stipulations prior to using their product? So who are you planning on attacking next? Microsoft, perhaps?

One thing you fail to realize is that you ARE NOT an EB customer. Did you buy something from EB? I would have to say "NO". You purchased a product made available by EA. EA, along with many other respectable companies, simply integrated this FREE solution into their products. EB does NOT have to treat you fairly, as they aren't the ones DIRECTLY offering this FREE product. Now if EA treated you unjustly, which OBVIOUSLY was NOT the case, then I WOULD SUPPORT YOU whole-heartedly in your efforts. Once again, you ARE NOT an EB customer, but rather an EA customer.

Couldn't put it better myself.

RR206
join:2001-12-11
united state

RR206 to Cig_R

Member

to Cig_R
said by Cig_R:


One thing you fail to realize is that you ARE NOT an EB customer. Did you buy something from EB? I would have to say "NO". You purchased a product made available by EA. EA, along with many other respectable companies, simply integrated this FREE solution into their products. EB does NOT have to treat you fairly, as they aren't the ones DIRECTLY offering this FREE product.

That's what the hell I've been tryin to say... But he just tells everyone to read the thread...

aberrant
Deviant One
join:2002-01-10
San Francisco, CA

aberrant to CylonRed

Member

to CylonRed
said by CylonRed:
1) Yep - I accepted the EULA - nuff said.

2) PB doesn't need to be closed source for me to know. I run things so that there can only be one or 2 ways for anyone to get the info. I also do not store passwords to financial institutions on my PC, I do not have credit card numbers on my PC (or even SS#), and only part of my savings/checking account # is in Quicken - the rest would have to be guesses as well as my pin.

You don't have to store anything. They can grab screenshots too, remember? All they need to do is grab one while you're logged in, or use a box revealer when you're logging in.
quote:

3) I have yet to find a problem with their hiring. It is something that I have to deal with daily in all aspects. The question can be extended to the following:

Do you trust your bank's tellers?
Do you trust your bank's proof encoding department (they help clear all checks)?
Do you trust your stock broker?
Do you trust your waiter/waitress?
Do you trust your utility companies (if you pay by CC or even check)?
Do you trust your store cashier?
Do you trust your online store?

I think anyone gets the idea - you are not in charge in ANY of the hiring in ANY of these instances and you have to have some trust to the same info - if not worse info like Debit card # (potentially more dangerous than knowing the CC #).

These are different in that there are laws expressly prohibiting fraudulent transactions -- generally the case whenever money is involved. What isn't protected (at least in other states than CA at this point) is disclosure of personal (HIPAA aside for the moment) information by a private (nongovernmental) organization. THAT's the risk here.

For financial transactions, there's also generally a limit on consumer liability for fraud. However, what OTHER nonfinancial information about you is on your machine? Perhaps some medical history. Perhaps the names, ages, and pictures of your kids, along with your address and the address of their schools and names of their teachers. Couple this with a screenshot of your current bank statement, and you've got some pretty scary possibilities as far as ransoms go. And EB doesn't have to be directly involved if there's a malicious actor out there with access to PB. I'm certainly not insinuating that a company like EB would approve of, let alone be involved in, this sort of activity.

Couple PB with government pressure to obtain information on individuals and their ability to request information without a warrant in lots of cases, and you've now got the conspiracy nuts going bonkers (especially since there's a tie between the government and PB via America's Army). Could EB stand up to an FBI request to view files on gameplayers' systems? If AOL and public libraries can't do it, why would you think EB would fare any better?

I work in information security for a large financial institution, so I'm perhaps hypersensitive to these issues. But just because I'm paranoid doesn't mean they're NOT out to get me, using whatever tools are available -- and if they're tools that I expressly agreed to have used against me, so much the better for them.

And you have to think about all this just to play a game that's been ruined by cheaters. It's sad on so many levels.

CylonRed
MVM
join:2000-07-06
Bloom County
·Metronet

CylonRed

MVM

said by aberrant:
said by CylonRed:
1) Yep - I accepted the EULA - nuff said.

2) PB doesn't need to be closed source for me to know. I run things so that there can only be one or 2 ways for anyone to get the info. I also do not store passwords to financial institutions on my PC, I do not have credit card numbers on my PC (or even SS#), and only part of my savings/checking account # is in Quicken - the rest would have to be guesses as well as my pin.

You don't have to store anything. They can grab screenshots too, remember? All they need to do is grab one while you're logged in, or use a box revealer when you're logging in.
quote:

3) I have yet to find a problem with their hiring. It is something that I have to deal with daily in all aspects. The question can be extended to the following:

Do you trust your bank's tellers?
Do you trust your bank's proof encoding department (they help clear all checks)?
Do you trust your stock broker?
Do you trust your waiter/waitress?
Do you trust your utility companies (if you pay by CC or even check)?
Do you trust your store cashier?
Do you trust your online store?

I think anyone gets the idea - you are not in charge in ANY of the hiring in ANY of these instances and you have to have some trust to the same info - if not worse info like Debit card # (potentially more dangerous than knowing the CC #).

These are different in that there are laws expressly prohibiting fraudulent transactions -- generally the case whenever money is involved. What isn't protected (at least in other states than CA at this point) is disclosure of personal (HIPAA aside for the moment) information by a private (nongovernmental) organization. THAT's the risk here.

For financial transactions, there's also generally a limit on consumer liability for fraud. However, what OTHER nonfinancial information about you is on your machine? Perhaps some medical history. Perhaps the names, ages, and pictures of your kids, along with your address and the address of their schools and names of their teachers. Couple this with a screenshot of your current bank statement, and you've got some pretty scary possibilities as far as ransoms go. And EB doesn't have to be directly involved if there's a malicious actor out there with access to PB. I'm certainly not insinuating that a company like EB would approve of, let alone be involved in, this sort of activity.

Couple PB with government pressure to obtain information on individuals and their ability to request information without a warrant in lots of cases, and you've now got the conspiracy nuts going bonkers (especially since there's a tie between the government and PB via America's Army). Could EB stand up to an FBI request to view files on gameplayers' systems? If AOL and public libraries can't do it, why would you think EB would fare any better?

I work in information security for a large financial institution, so I'm perhaps hypersensitive to these issues. But just because I'm paranoid doesn't mean they're NOT out to get me, using whatever tools are available -- and if they're tools that I expressly agreed to have used against me, so much the better for them.

And you have to think about all this just to play a game that's been ruined by cheaters. It's sad on so many levels.

They can't take screenshots because I don't have the info on my PC - they won't get passwords or account numbers. I see no reason to have teacher names on my PC (when my kid can go to school). When I am looking at my credit card bill all they will be able to see is $ amounts - not even the CC#. My bank statement is by regular mail - where ANYONE who got ahold of the mail could get the info easier than trying to get it off my PC.

I do not see any reason for ANYONE to have their entire life on the PC - from SS#'s to account numbers. If the govt wanted to spy on you they won't do it thru PB and they already can do that if they wanted. Fighting PB will DO NOTHING to avoid this - not in any way shape or form and it is fantasy to think it will.

aberrant
Deviant One
join:2002-01-10
San Francisco, CA

aberrant

Member

said by CylonRed:
I do not see any reason for ANYONE to have their entire life on the PC - from SS#'s to account numbers. If the govt wanted to spy on you they won't do it thru PB and they already can do that if they wanted. Fighting PB will DO NOTHING to avoid this - not in any way shape or form and it is fantasy to think it will.

I'm not suggesting fighting PB at all. I'm suggesting that if you're one of the many people who do have information on your machine that you consider confidential, you realize the risk you're taking by clicking through a EULA that gives a company express permission to view anything on your system. To you, it's worth the risk, since you don't have anything of value on your machine. To me it's not worth the risk -- even though my confidential information is encrypted, there's no defense against memory snooping or keylogging, both actions that are possible AND PERMISSIBLE via PB.

As to your dismissal of governmental interference -- don't be so hasty. They're requesting data from datamining companies, from financial institutions, from the post office and other mail services, and from ISPs and libraries. I haven't seen any evidence that they've got any declared limits on whom they'll ask to get information that they think they'll need.

Based on the number of penetration tests I've done over the years, the majority of computer users out there store at least some confidential/embarrassing information on their PCs. Should they not be aware of the risk of granting this program access to their systems? Sure, PB is only used for anti-cheating... now, and as far as you know. Can conditions change sufficiently for it to be used in a different manner? I'd suggest that it's not only possible, but more likely over time as actors -- both malicious and official -- realize the power they've got over unsuspecting users.

Bottom line: Fighting PB is not the goal. Educating potential users about the ramifications of accepting that EULA should be.
aberrant

aberrant to

Member

to
said by :

Ok? I wasn't even replying to you. But no one is forcing you to use PB. Don't want to install it? We don't want you to play with us. Simple?

You weren't responding to me, yet you managed to quote both of my posts in their entirety, starting with my first? That's strange.

It's very simple. I'm not arguing for the right to play a game for which I haven't agreed to the terms. In fact, I'm not arguing for anything except user education, and I'm theorizing that most users don't understand what they're giving up when they click through this EULA (or any other, but this is the broadest one I've come across, and happens to be the subject of discussion here).

Surely you're not against users understanding what they're agreeing to when they install PB, are you?

CylonRed
MVM
join:2000-07-06
Bloom County
·Metronet

1 edit

CylonRed to aberrant

MVM

to aberrant
I think there is a misunderstanding of what PB does and how it does it and its limitations. I am not an expert but in reading what PB has available online and thru some VERY simple tests the theory should be easy to prove/disprove.

PB allows the pics of a screen (a screenshot) thru its software. This has to be done by an Admin of a server that uses PB to use the PB command that takes the screenshot. This would mean that:

1) PB MUST be running on the person's PC.
2) Which means that a game with PB MUST be running at the time of the screenshot.
3) PB takes a screenshot of the GAME and only the game.

I do not believe PB has the ability to take a screenshot of my open Quicken file if AA (in my case the game I play) is minimized. This ALONE takes out ANY possibility of any "secret" info I have on my PC being taken with a screenshot and used against me. I do not even think the folks at PB can issue the command to TAKE screenshots of me from their home offices.

If my assumptions above are correct - for ANYONE to use PB to gather 'secret' info they would have to jump thru a lot of hoops to maybe get some info (most, if not all, of which is freely available in my mailbox on any given day). They would have to:

1) Be an Admin of a server I just happen to play on.
2) Know I have a file open - apparently by magic - as taking a lot of screenshots and uploading would, at some time, be noticed by a savvy user or a user who monitors packets going in or out.

If the govt tried to get PB to take screenshots it becomes even harder since PB would have to:

1) know my IP and if you are running via an open proxy this is, at best, VERY difficult.
2) know the server I am on - possible.
3) become an admin of the server - I guess they could guess the admin name and password.
4) know I am looking at something they want to see - or else be caught by uploading too many screenshots.

This is a VERY inefficient way of doing things since the govt can monitor you better via your ISP or Goliath (I believe that is the big brother program the govt may be running to spy on folks over the net). If the govt REALLY wanted to see what you had on your PC it is only a sympathetic judge away - they have the means and they will do it - no one needs PB to do it for them.

{EDIT} If PB added this functionality in - the functionality of taking a screenshot of whatever program you are in or allowing their employees to do so then they would lose 100% of their business as I know of no game company that would allow this to be done via their game. This functionality would also be EASY to see, duplicate, and prove. I would be willing to test it once a week if need be.

I will be more than willing to test out this theory by having one of the Admins for the BBR AA Honor server try and take pics of me insulting them (and their mother) in Word while I have AA minimized. They would then take PB screenshots and they would have to tell me exactly what I wrote.

Right now there is only one way for the govt not to track you or allow your info out to other people:

1) Get rid of the house/apt or dwelling.
2) Close all bank accounts.
3) Get rid of your SS card.
4) Never apply for a loan.
5) Never hold a job.
6) Do not register a car and hence never drive again - you could be stopped for no tags after all.
7) Camp in the wilderness for the rest of your life.
8) Only use cash.

This possible suit does nothing to educate users - not in the least. Simply put - if you don't like the rules put forth by the EULA then don't use the software - it IS as simple as that. I fail to see how PB's EULA is seemingly not ok but MS's is OK (which I take it he thinks it is ok because he is not bringing a suit against MS for their EULA).

aberrant
Deviant One
join:2002-01-10
San Francisco, CA

1 recommendation

aberrant

Member

said by CylonRed:
I think there is a misunderstanding of what PB does and how it does it and its limitations. I am not an expert but in reading what PB has available online and thru some VERY simple tests the theory should be easy to prove/disprove.

PB allows the pics of a screen (a screenshot) thru its software. This has to be done by an Admin of a server that uses PB to use the PB command that takes the screenshot. This would mean that:

1) PB MUST be running on the person's PC.

How do you determine what components are/need to be running on the PC in order to capture data?
quote:

2) Which means that a game with PB MUST be running at the time of the screenshot.

Why do you assume that PB is only running when a game is active?
quote:

3) PB takes a screenshot of the GAME and only the game.

I do not believe PB has the ability to take a screenshot of my open Quicken file if AA (in my case the game I play) is minimized. This ALONE takes out ANY possibility of any "secret" info I have on my PC being taken with a screenshot and used against me. I do not even think the folks at PB can issue the command to TAKE screenshots of me from their home offices.

How do you know this? If this is the case, why does their EULA not specifically restrict their screenshot-taking to game data only?
quote:

If my assumptions above are correct - for ANYONE to use PB to gather 'secret' info they would have to jump thru a lot of hoops to maybe get some info (most, if not all, of which is freely available in my mailbox on any given day). They would have to:

1) Be an Admin of a server I just happen to play on.

... or know how to remotely activate the capture features present in PB. (And, by the way, the mailbox argument doesn't work, because tampering with the post is a federal offense. We're talking about LEGAL data gathering here, not illegal. Whether the data are used for illegal purposes later is a different question.)
quote:

2) Know I have a file open - apparently by magic - as taking a lot of screenshots and uploading would, at some time, be noticed by a savvy user or a user who monitors packets going in or out.

For a screenshot, perhaps. What about a file or memory inspection?
quote:

If the govt tried to get PB to take screenshots it becomes even harder since PB would have to:

1) know my IP and if you are running via an open proxy this is, at best, VERY difficult.

How do open proxies fit into this scenario? Here's another one: PB servers know when you're online (when PB's running -- see above), because the program "registers" with a main PB server (assumption, but it DOES do auto-updating, right? The updates and update notifications have to come from a legitimate EB/PB site....). The FBI knows your IP address since they've gotten it via your ISP. All they have to do is wait for PB to register itself and they've got access to your machine.
quote:

2) know the server I am on - possible.

Not necessary (see above re: autoupdate).
quote:

3) become an admin of the server - I guess they could guess the admin name and password.

Not necessary. All they need is your IP address, which they've got.
quote:

4) know I am looking at something they want to see - or else be caught by uploading too many screenshots.

Not necessary. PB allows them to inspect any file, any memory location, AND take screenshots to boot.
quote:

This is a VERY inefficient way of doing things since the govt can monitor you better via your ISP or Goliath (I believe that is the big brother program the govt may be running to spy on folks over the net). If the govt REALLY wanted to see what you had on your PC it is only a sympathetic judge away - they have the means and they will do it - no one needs PB to do it for them.

According to PB's own EULA, PB allows them complete, unfettered access to your filesystem. An ISP doesn't allow that... all they can see is what's being transmitted or received, and if that's encrypted with any decent system, they're out of luck. PB gives them the keys to the kingdom, with one-stop shopping (no need to sneak into your house when you're gone).

And if we're talking about the same system, it's called DCS1000, formerly named Carnivore.
quote:

I will be more than willing to test out this theory by having one of the Admins for the BBR AA Honor server try and take pics of me insulting them (and their mother) in Word while I have AA minimized. They would then take PB screenshots and they would have to tell me exactly what I wrote.

Do the admins know how PB works? Have they reviewed the code? Do they know ALL the functions (even the easter eggs)?
quote:

Right now there is only one way for the govt not to track you or allow your info out to other people:

List snipped. We're not talking about tracking. We're talking about collecting information that is otherwise difficult to collect.
quote:

This possible suit does nothing to educate users - not in the least. Simply put - if you don't like the rules put forth by the EULA then don't use the software - it IS as simple as that. I fail to see how PB's EULA is seemingly not ok but MS's is OK (which I take it he thinks it is ok because he is not bringing a suit against MS for their EULA).

On this we agree 100%. Suing EB over PB's EULA is just silly. I'd encourage this guy to post his docket number when (if, since I don't really believe he's serious) he gets it.

An interesting thought comes to mind. As a pen tester, there are certain things that I'm legally obligated to do. For example, if I ever come across child pornography during one of my tests, I am obligated to inform law enforcement. This goes for any individual, by the way. What happens if EB/PB comes across kiddie porn during one of their captures? Seems to me they'd be liable if they failed to report it. Shrug. IANAL, so I don't know -- but an interesting question, I think.

CylonRed
MVM
join:2000-07-06
Bloom County
·Metronet

1 recommendation

CylonRed

MVM

said by CylonRed:
I think there is a misunderstanding of what PB does and how it does it and its limitations. I am not an expert but in reading what PB has available online and thru some VERY simple tests the theory should be easy to prove/disprove.

PB allows the pics of a screen (a screenshot) thru its software. This has to be done by an Admin of a server that uses PB to use the PB command that takes the screenshot. This would mean that:

1) PB MUST be running on the person's PC.
said by aberrant:

How do you determine what components are/need to be running on the PC in order to capture data?
So PB can - without ANY PB process running take a screenshot then send it to them? I would think PB would have to hijack my PC - take over processes and hardware then use a port (hopefully not blocked by my firewall) to send it to them all without a user noticing? I would like to see that but it DOES stand to reason that since PB takes the screenshot it has to be running.
said by CylonRed:

2) Which means that a game with PB MUST be running at the time of the screenshot.
said by aberrant:

Why do you assume that PB is only running when a game is active?
Ahh - a secret process that even your PC does not know about AND hides from Task manager - even virus/trojan writers seem to have a problem doing this else it would be a LOT harder to find viruses/trojans.
said by CylonRed:

3) PB takes a screenshot of the GAME and only the game.

I do not believe PB has the ability to take a screenshot of my open Quicken file if AA (in my case the game I play) is minimized. This ALONE takes out ANY possibility of any "secret" info I have on my PC being taken with a screenshot and used against me. I do not even think the folks at PB can issue the command to TAKE screenshots of me from their home offices.
said by aberrant:

How do you know this? If this is the case, why does their EULA not specifically restrict their screenshot-taking to game data only?
As I noted - I am willing to test the theory (yes I did call it a theory) and YES I said I would do this. Should be EASY to prove/disprove - as I also noted.
said by CylonRed:

If my assumptions above are correct - for ANYONE to use PB to gather 'secret' info they would have to jump thru a lot of hoops to maybe get some info (most, if not all, of which is freely available in my mailbox on any given day). They would have to:

1) Be an Admin of a server I just happen to play on.

said by aberrant:

... or know how to remotely activate the capture features present in PB. (And, by the way, the mailbox argument doesn't work, because tampering with the post is a federal offense. We're talking about LEGAL data gathering here, not illegal. Whether the data are used for illegal purposes later is a different question.)
Actually - it is VERY relevant - If I was so concerned about people having access to my info (accounts #'s, CC, Soc Sec #'s etc) the mail is FAR more of a worry than a game - far, far, FAR more whether it is illegal or NOT as identity theft is illegal and you have been stating you are afraid someone using PB for identity theft among other things.
said by CylonRed:

2) Know I have a file open - apparently by magic - as taking a lot of screenshots and uploading would, at some time, be noticed by a savvy user or a user who monitors packets going in or out.

said by aberrant:
For a screenshot, perhaps. What about a file or memory inspection?
They do file inspection since it is one of the ONLY ways to catch cheaters but I do not think PB has Quicken built into it to inspect the files THEN decide to pull any over.

As I also stated - for anyone who logs what goes in and out this should be easy to spot and there are enough people like that do that to be news REAL quick.
said by CylonRed:

If the govt tried to get PB to take screenshots it becomes even harder since PB would have to:

1) know my IP and if you are running via an open proxy this is, at best, VERY difficult.

said by aberrant:
How do open proxies fit into this scenario? Here's another one: PB servers know when you're online (when PB's running -- see above), because the program "registers" with a main PB server (assumption, but it DOES do auto-updating, right? The updates and update notifications have to come from a legitimate EB/PB site....). The FBI knows your IP address since they've gotten it via your ISP. All they have to do is wait for PB to register itself and they've got access to your machine.
The above works if your ISP does not change your IP (when on DHCP and certainly be done with a court order - depends on the ISP). Since they already know your ISP they will simply get the data they need from then. Until then Goliath will be good at monitoring data WITHOUT PB and without any outside person knowing making it a WHOLE lot better for monitoring and getting data. From what I have read on Goliath (or whatever they are calling it) it will be able to do just about anything they want without a 3rd party company which the govt usually shies away from when dealing with stuff like this - unless you are insinuating that PB is actually a govt entity.... de-do de-do de-do (That would be the Twilight Zone theme).

If you play AA or 1942 with a proxy then it would be much harder to find your true IP if PB had to do a search and the ISP decided not to give the IP out or they could not wait or if it was a rogue PB employee - they should only see the proxy and not the true IP (although I do not profess to be an expert in proxies). The trouble with proxies is probably a large reason PB bans by name - that and DHCP. Proxies are used well by several trouble makers in the AA forums - we simply can't ban them because of it.
said by CylonRed:

3) become an admin of the server - I guess they could guess the admin name and password.
said by aberrant:

Not necessary. All they need is your IP address, which they've got.
Uhhh - you do not even KNOW if they can do this yet - that's a jump to a conclusion. At least I called it a theory - because there is zero proof either way.
said by CylonRed:

4) know I am looking at something they want to see - or else be caught by uploading too many screenshots.

said by aberrant:

Not necessary. PB allows them to inspect any file, any memory location, AND take screenshots to boot.
Yea - otherwise they couldn't prevent what it is designed to prevent. Cool - software that doesn't work - GREAT IDEA - people will LOVE to add it to their games to prevent cheaters then....
said by CylonRed:

This is a VERY inefficient way of doing things since the govt can monitor you better via your ISP or Goliath (I believe that is the big brother program the govt may be running to spy on folks over the net). If the govt REALLY wanted to see what you had on your PC it is only a sympathetic judge away - they have the means and they will do it - no one needs PB to do it for them.

said by aberrant:

According to PB's own EULA, PB allows them complete, unfettered access to your filesystem. An ISP doesn't allow that... all they can see is what's being transmitted or received, and if that's encrypted with any decent system, they're out of luck. PB gives them the keys to the kingdom, with one-stop shopping (no need to sneak into your house when you're gone).
Yea - I guess the govt would not have computers to BREAK the encryption right? Not like they have never broken it before - right? Not like there are contests on this type of thing that anyone can enter - right? Yea - encryption is 100% so they are ANYTHING but out of luck.
said by CylonRed:

I will be more than willing to test out this theory by having one of the Admins for the BBR AA Honor server try and take pics of me insulting them (and their mother) in Word while I have AA minimized. They would then take PB screenshots and they would have to tell me exactly what I wrote.

said by aberrant:

Do the admins know how PB works? Have they reviewed the code? Do they know ALL the functions (even the easter eggs)?
Ahghh - nice one - out of the best conspiracy plots - just figure there is an alternate plan with zero proof. Sorry - far more proof it works the way they say it does. Besides if an employee knew it did stuff that you think it might then they would stand to make a killing by talking about it...
said by CylonRed:

Right now there is only one way for the govt not to track you or allow your info out to other people:

said by aberrant:

List snipped. We're not talking about tracking. We're talking about collecting information that is otherwise difficult to collect.
Do a search on a genealogy site - lots of info on your family already out there and generally the info is not that difficult - just get the mail or know someone on the inside of one of the businesses. Otherwise identity theft would be a LOT harder than it currently is.
said by aberrant:

An interesting thought comes to mind. As a pen tester, there are certain things that I'm legally obligated to do. For example, if I ever come across child pornography during one of my tests, I am obligated to inform law enforcement. This goes for any individual, by the way. What happens if EB/PB comes across kiddie porn during one of their captures? Seems to me they'd be liable if they failed to report it. Shrug. IANAL, so I don't know -- but an interesting question, I think.
It would be interesting - but I highly doubt it can determine kiddie porn from file names...

And this is my final post for this thread - I have wasted too much time on it already...

hassle09
@atm2-0-1041166.0x50a

hassle09 to

Anon

to
"The fact is EB needs to change their EULA. I like their product, but it doesn't give them the right to do anything they want on my system. THIS IS THE PART THAT NEEDS TO BE ADDRESSED. WHY OFFER A SERVER THAT DOES GOOD, THEN TREAT CUSTOMERS POORLY AND THEN DECIDE TO DO ANYTHING THEY WANT ON YOUR COMPUTER."

Quibbly

If you don't like the way PunkBuster works, THEN DON'T USE IT. How difficult is that to understand?

What even gave you the right to DEMAND to use a piece of software, when you don't even accept the EULA? How many programs have you bought and used without accepting the EULA? If any, you will find yourself on the wrong side of the law!

EB doesn't need to change anything. YOU NEED to change attitude and understand, that the world is NOT turning around you.

You can NOT accept an EULA and complain afterwards about it. That does NOT make any sense, and you will most likely lose in court mainly because of this.

I wonder if you really got the money. This looks more like a personal vendetta.

A quick question:
Do you run a virus scanner? (I assume you're smart enough to "read between the lines" where I'm getting at. I may however be totally naive on this one).

Someone..