EVE Evolved: How much trust is too much in EVE Online?

Of all the headlines to come out of EVE Online over the years, the biggest and most far-reaching have been the stories of massive thefts and underhanded scams. The MMO community has grown up hearing these tales, from the embezzlement of EVE‘s first public bank in 2009 and the estimated $45,000 US Titans4U scam in 2011 to the trillion ISK Phaser Inc scandal and beyond. EVE has been embedded with this narrative of mistrust and betrayal for most of its life, the most famous example still being the Guiding Hand Social Club heist from all the way back in 2005.

Yet when a player recently stole three extremely rare ships using social engineering, the victims expressed only disappointment that they had lost a friendship they valued. The question for players and the wider MMO community today is simple: How much trust is too much to give someone in an MMO? To what degree should the game mechanics automatically protect your assets and privacy, and how much of that protection should you be able or expected to give up in order to make progress or join a group?

It’s been a long-held belief of mine that part of what makes EVE Online‘s communities so tightly knit and the friendships you make there so rewarding is the fact that your comrades could steal from you or betray you in any number of ways but choose not to. On the other hand, the possibility of betrayal has also led to some extreme risk-mitigation strategies and corporations sometimes ask for uncomfortable levels of information as part of their recruitment processes.

In this edition of EVE Evolved, I explore the role that trust plays in EVE Online today, look at the harsh recruitment requirements some corporations have and ask how much trust is too much to give someone in an MMO.

The role of trust in building MMO societies

I’ve often argued that you need the anti-social element in a sandbox MMO in order to build a cohesive society, that the possibility of betrayal must exist if you want trust between players to mean anything. Early wormhole corporations will know this all too well, as they were forced to use open starbase hangars and shared ship maintenance arrays to store their assets and any corp member with access could have run off with a lot of stuff. The same is true of any activity in which you’re forced to rely on someone else, from small-scale PvP right the way up to territorial alliance warfare.

Allowing people to lie, steal, and cheat creates a space for both people who want to engage in these activities and those who oppose them, in the same way that the presence of a villain can inspire the birth of a hero. Sakanne wrote an interesting article on this back in 2014 arguing that the balance between villain and hero is skewed toward villains in EVE, but EVE is not entirely without heroes and worthy individuals. In a universe in which trusting the wrong person could get you killed or cost you a lot of ISK, earning trust and building a reputation over the years can open some big doors. I personally used my reputation in the community years ago to run public investment schemes, and others have used theirs to lead powerful alliances and launch impartial third party services to secure complex trade deals between players.

Mitigating risk and the need for trust

If there’s one thing EVE Online players are good at, it’s mitigating risk. Hundreds of players lost their ships in the first few days of the Sansha incursions in 2011, but it wasn’t long before we’d documented every detail of the new gameplay and developed strategies to remove all danger. We have entire websites dedicated to rigorously cataloguing the threats in PvE sites, and third party services such as Chribba’s are designed to eliminate the risk of theft in trade deals and investment schemes.

Even PvP is a game of sizing up the capabilities of enemy fleets and measuring the risk of engaging, with groups using scouts and spies to gather intel and always leaving themselves safe exit routes when possible. It should be unsurprising then that corporations will use every tool at their disposal to mitigate the risk of recruiting spies and saboteurs.

One such tool is the EVE API, which was intended to let player-made programs pull data about your characters directly from the game servers but can also be used to perform a forensic examination of your account. Corporations will often ask for an API key as part of the recruitment process, and the levels of access they ask for can vary. Some smaller corps just want the names of your characters and access to see your skills in order to make sure you’re not an obvious alt character of someone else, but often they ask for access to some considerably more private information.

Giving out your API key

Reader kgptzac contacted me recently after he found himself reading the recruitment requirements for Brave Newbies, a popular corp for new players with over 4,000 active members. Like many large corporations in EVE, Brave Newbies asks for an API key as part of the application process.

The application page supplies a link to an API template that essentially asks for full access, allowing them to see things like all market and financial transactions you make in the game, all of your assets throughout the game, your private contact list, and the full text of all personal in-game EVEmails. Brave isn’t the exception here either, as many large corps will now ask for full account-wide access to this information as part of recruitment.

How much should you trust people?

We’ve come to accept that corporations will ask for our API keys to weed out potential spies and awoxers, but many of the permissions they ask for are totally unnecessary. Reading my private EVEmails isn’t going to make your corp more secure, and neither is knowing all of my purchases and market orders in Jita or where I have my tech 2 blueprints and capital ships stored. Not to mention that every large alliance is already riddled with spies and a real spy will just bypass these checks by creating a clean account.

The bottom line is that information on people’s assets and skills can be strategically useful in EVE and alliances will take all the information on their members that they can get their hands on. As long as the API dishes out this kind of information for use in apps, large corporations will almost universally ask their members for the maximum level of access. The practice is so commonplace that CCP even warns players that their EVEmails should not be considered private. It’s up to the individual player to decide whether to trust a corporation with that level of information or if the price of admission is just too high.

Trusting individual players is a different matter entirely though, and it’s something that you really can’t avoid when you’re living in a sandbox with so many other players. You just have to trust your corpmates won’t try to screw you over, that the logistics pilot in your incursion fleet isn’t going to let you die, that your fleet commander in PvP knows what he’s doing, and that the scout you sent up ahead isn’t secretly working for the enemy. While it’s definitely possible to play EVE solo and avoid trusting anyone at all, doing so will limit what you can achieve and robs you of forming the kinds of friendships that MMOs are typically a catalyst for.

A large portion of EVE‘s gameplay is group-oriented and relies on putting your trust in other players. On one hand, that approach promotes more tightly knit social groups because you can’t help but make friends with other people when you’re relying on them every day. On the other hand, forced socialisation is a touchy subject, and it’s led to corps asking players to give up an excessive amount of privacy in order to join.

So how much trust is too much to give someone in EVE? Can you really get along in EVE without trusting anyone at all, and would you let a corp read your EVEmails and see a full list of your assets?