Archive for the “Security” Category

Evony has a new message on their home page.  Here’s a snippet of it:

Dear Players,

We have been excited at the success of iEvony, but we have also come across an unintended side effect of the iEvony system. Some players have abusively and unethically engaged in spamming practices on a variety of websites with the intent of boosting their credits. This practice affects site traffic and makes headaches and extra work for moderators on a variety of websites. It reflects poorly not only on these users, but also on Evony as a whole.

For this reason, we will absolutely not tolerate such spamming practices. Players who engage in spam practices (posting multiple threads from multiple accounts on the same site, attempting to get forum users to follow a link) will be aggressively pursued and sanctioned. Penalties may include: being stripped of ALL earned Credits and any Coins or items they were exchanged for; having your iEvony account permanently disabled; being temporarily or permanently banned from Evony.

An unintended side effect huh?  Hmm… who could have foreseen something like that happening?  Completely out of the blue, and totally shocking.  

What?  The message didn’t say they were surprised, or that it was unexpected?  Hmm…  They will not admit stupidity here, which makes sense.  What doesn’t make sense is that this notice is only put up now, after the “headaches and extra work for moderators on a variety of websites”, rather than when the iEvony rewards program was posted.  Even worse, they still support this spamming program and a much nastier email spam program which will pay for every email sent (not just for actual joining).  Do I really need to predict more negative spamming reputation and this program being discontinued?  Shouldn’t you just start using sustainable advertising/affiliate practices, Evony, and discontinue your spam ones?


With the latest nix by Evony on the access to their servers (voluntary on our part) we are forced to do business blind to in-game data.  Mostly, nothing will be affected in terms of functionality, however, you will have to help us enter the data in instead of getting it automatically.  No biggy right?  Really?  You really think so?  Great!  Go ahead and you do it, but send me the code afterwards, I want to take credit for it.  Pretty please.

The way the map stands now, you, the user, will get to click a grass patch area and tell the map what exists there.  Is it a forest, a lake or a city?   You will also specify its level.  Sounds simple enough, but it’s a lot of clicking so start saving your clicks from now for the map.  

When you add cities to the map, you will be able to specify the lord for the city as well as the alliance and other information visible in the Evony map.  This information will not be searchable due to Evony’s concern over unfair game play using 3rd party websites.  One of the most desirable features in building such a map is showing all the alliance cities on one world, and actually searching for alliance members’ city coordinates (one of the biggest peeves of Evony players). 

Ideally, we would want to show such information only to players in that alliance, however, now that we can’t access Evony servers, we cannot verify a person indeed belongs to an alliance she claims to.  Since the feature is so useful that we have to implement it, essentially Evony has created an unfair gameplay problem for themselves by restricting us from doing our due diligence and securing the map browsing.   If you’re as concerned as we are, please write to them and complain.


You might have got an Evony Security reminder on Monday, June 29th.  I am going to address all that and tell you that we are responsible for it, and that they lied to you, but in fairness to you, it’s going to be a longer post than usual, so grab yourself some iced drink and get comfy - this is good advice - don’t stop reading just because I said it’s long - it has juicy stuff in it, not just another rant.  As always this is my opinion only, not that of EvonyNet’s.  If you are interested in what others say, please visit their sites at guildielocks, nynaeve, amolk, and beginner.

The text of the Evony system mail is:

Attention Players,

We’ve recently seen a rise in the number of sites attempting to compromise players’ account information. Because of this, we wanted to take this time to remind our players that you should never enter your account information in any website except the official evony.com website. Evony has no affiliate websites and any website which asks for your Evony login information is trying to steal that information. 

It is against the Terms of use to use cheats, automation software (bots), hacks, mods or any other unauthorized third-party software, macros or scripts designed to modify the Evony experience.  Use of such items will result in your Evony account being banned.

Evony staff will never ask for your account information and that your account information should only be entered when logging in to the game with the official client. Never give your password to anyone! This will keep your account secure and your hard work safe.

Remember, your hard work on Evony has taken a long time. Don’t let others take advantage by handing over your account details. 

Thanks,

Evony Team

Evony do their business in a somewhat different way than what we’re accustomed to, perhaps due to being a Chinese company.  It has been hard for us to establish contact with them and tell them what we’re doing, and we were trying multiple channels.  Here is what EvonyNet were doing:

  • EvonySocial - This is a social network exclusive for Evony players!  You had to enter your Evony game login here and it will fetch your data from the server to display for yourself and your friends.  You could set your security level appropriately.  Chat securely with your Evony verified alliance members.  Add and invite your friends to join you.
  • Evonypedia - A really nicely organized Evony Wiki with many of your top favorite articles, such as our quick-start guide, theory crafting, and the ever evolving - Ballistae vs. Barbarians.
  • EvonyPress - The Evony blogs.  You can start your own blog here, but you should know that since this is where I’m blogging and you’re reading.
  • EvonyMap - A google maps style Evony world map.  It would have all the Evony maps for all the servers, and you can put your alliance flag down for all to see, or just your friends.
  • EvonyAnswers - So far, not a very useful site, but in the future it will be a place where you can post a question and rate the answer just like Yahoo Answers, except only Evony related, so that you can search other answers as well.
  • EvonyAlerts - At the moment, it’s only an email notifier to alert you to when a new Evony server launches.  It’s your chance to finally beat our editor, he’s always the number 3 on a new server because he put himself at the front of the notification list.  Well I say let’s teach him a lesson.  Get notified of a new server, join as soon as you can, and ally with everyone except for the person asking how everyone knew about the server, and beat up on that person.  BTW, I ask that too, so make sure you’re not beating up on Merkavah.

We were planning some other services, like real-time map, queue notifications, and such.  Tools you’d love, which are nixed for the moment. 

The day before that security statement was sent, one of our team members who shall remain anonymous, in desperation, decided to send Evony a letter claiming they have a security hole that we are exploiting and that they should contact us to help them solve the problem.  I’m just being honest here, let’s not get all hot-headed and do something rash like fire the blogger who should be doing development instead. 

Evony has no security holes.  They don’t.  They have a web-based game, flash actually, written in flex, which was easy enough to decompile to see the communication protocols so that we can communicate with their servers.  We notified them immediately that we are using their protocols (got no reply to that) and we had a very strict policy not to write anything to the Evony servers.  There was one unforeseen security breach for Evony.  We needed Evony users’ names and passwords to access their account information to make our social network easier to use.  Some people really didn’t trust us, for example this thread (cached by google).  About 800 other people did trust us, and really enjoyed their experience.  The trouble is that we needed plaintext passwords to log in to Evony.   Its communication is browser encrypted, but the passwords are not encrypted again.  That meant that we could see users’ passwords.  So the first thing we did was encrypt them in our database.  No longer could any of us see any of your passwords unless we wrote special code to do so. 

Let’s face it, if you give us your password, even if Evony fixed their protocols and accepted hashed passwords, we could still use your password whenever we want.  And no matter what encryption they use, we’d always be able to communicate with their servers, since their clients will decompile easily and run on our computers.  That is the nature of web-based games.  The only difference is that we would never know what your password is in plaintext.  Significant?  Maybe.  Here’s why it’s good you’ve read so far, because you obviously don’t listen to other sites, but you will listen to me.  Create different passwords for different sites, and don’t share passwords on sites that can track you to another site, even banks!  Yes, your online security is up to you!  If you did listen to all the other sites, then my apologies for blaming you, but really why do you listen to everything every website tells you?  My point - come here, and listen to me.
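The argument in the paragraph above, as an added example (not EvonyNet's or Evony's code): a toy server with a plaintext login and a hypothetical hashed login, showing what a third-party site holding the user's credential can and cannot do in each case. All names (`Server`, `delegate`, `game.example`, `bank.example`) and the sample password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITER = 50_000  # constructed work factor, kept low so the demo runs quickly

def kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITER)

class Server:
    """Toy login server (hypothetical). mode='plaintext': the password itself
    crosses the wire; mode='hashed': a site-salted hash crosses the wire."""
    def __init__(self, site: str, mode: str):
        self.site, self.mode, self.accounts = site, mode, {}

    def wire_credential(self, password: str) -> bytes:
        # The value a client must present to log in under this server's mode.
        if self.mode == "plaintext":
            return password.encode()
        return kdf(password.encode(), self.site.encode())

    def register(self, user: str, password: str) -> None:
        # Server stores only a salted verifier of the wire credential.
        salt = os.urandom(16)
        self.accounts[user] = (salt, kdf(self.wire_credential(password), salt))

    def login(self, user: str, wire: bytes) -> bool:
        salt, verifier = self.accounts[user]
        return hmac.compare_digest(verifier, kdf(wire, salt))

def delegate(game_mode: str) -> dict:
    """What a third-party site can do with the credential a user hands it."""
    password = "constructed-sample-pw"            # user reuses it on two sites
    game = Server("game.example", game_mode)
    other = Server("bank.example", "plaintext")   # any site where it is reused
    game.register("alice", password)
    other.register("alice", password)
    held = game.wire_credential(password)         # what the third party stores
    return {
        "replay_at_game": game.login("alice", held),
        "knows_plaintext": held == password.encode(),
        "works_at_other_site": other.login("alice", held),
    }

if __name__ == "__main__":
    for mode in ("plaintext", "hashed"):
        print(mode, delegate(mode))
```

In both modes the held value logs in to the game again, which is why encrypting it at rest only limits who can read the database; only the hashed mode keeps the plaintext, and therefore any reused password, away from the third party.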

The next day, we actually got to talk to another contact in Evony who listed a list of infractions, some of them seem rather bogus like claiming terms of use violation regarding using Evony protocols.  To clarify, this contact is unconnected to the security scare email mentioned before.  He agreed to connect us to his bosses so that we can enter an agreement with them, but the next day they said they are not interested in any agreements with anyone, at least until they plug their fictional security holes.  And then they sent all of us that Evony security reminder.

The security reminder lies to you because it says: "any website which asks for your Evony login information is trying to steal that information."  We have over 800 users and we never stole anyone’s information.  We discontinued all use of Evony protocols immediately after they asked us to.  A hacker would have ignored them, and if they’d try to shut him down, he’d distribute the code for free on the Internet, so that there would be hundreds of sites that try to phish your information with some credibility.  Sites that can build automatic queues.  Sites that can play the game for you.  We will never do that without Evony’s explicit approval, and that is why you can trust us. 

Their next statement is: "It is against the Terms of use to use cheats, automation software (bots), hacks, mods or any other unauthorized third-party software, macros or scripts designed to modify the Evony experience.  Use of such items will result in your Evony account being banned. "

We do not write to the server, so there is no automation software, cheats, hacks, mods, or macros.   We do use programming scripts but so does every other website, like theevonywiki or Evony’s own forums.  Are you not supposed to go and read about improving your Evony gameplay on any website because it will modify your game experience?  That is stupid.  Are you not allowed to use a PDA and input in it an alert for your construction end time so that you can build something else as soon as possible?  It is running an unauthorized 3rd party software which will modify your Evony experience.  We do nothing to modify your in-game experience and have no plans to do so, except, again, with Evony’s explicit approval.

Well, thanks for reading this long post, and I hope I explained our story to you and reassured you about your security at EvonyNet.  Feel free to ask me questions, or disagree with me, though I’m always right, so just save your time.  And if you want my gratitude, write to Evony, and tell them to allow other sites to talk to their servers to simplify your life.  And when we do simplify your life, we’d be even.
