Transcript mailing? #35

New Issue

2019-01-24T17:57:36Z

NQNStudios commented

2019-01-24 17:57:36 +00:00

(Migrated from github.com)

This haxelib might make it possible to automatically collect transcripts from playertesters' playthroughs: https://github.com/benmerckx/smtpmailer

concerns:

player/playtester privacy
dev security -- including mail account passwords in exported code (especially js), etc.

This haxelib might make it possible to automatically collect transcripts from playertesters' playthroughs: https://github.com/benmerckx/smtpmailer concerns: * player/playtester privacy * dev security -- including mail account passwords in exported code (especially js), etc.

😕 1

ZAD-Man commented

2019-02-06 05:46:55 +00:00

(Migrated from github.com)

Personally I would feel fine (ethically) with including automatic transcripts if the player was only making selections from options I'd written, but would want to include a notification, and ability to disable, if the user was entering text. I think it has a place in a tool like this.

I think security could be the deal-breaker here though. If that library requires you to put your password in plain text, no method of passing secrets or anything, I would say BURN IT WITH FIRE. :P There have to be better options, and if not, the choosing the "none" option beats the insecure option... Unfortunately I can't really tell from their Readme.

Personally I would feel fine (ethically) with including automatic transcripts if the player was only making selections from options _I'd_ written, but would want to include a notification, and ability to disable, if the user was entering text. I think it has a place in a tool like this. I think security could be the deal-breaker here though. If that library requires you to put your password in plain text, no method of passing secrets or anything, I would say **BURN IT WITH FIRE**. :P There have to be better options, and if not, the choosing the "none" option beats the insecure option... Unfortunately I can't really tell from their Readme.

NQNStudios commented

2019-02-06 05:55:42 +00:00

(Migrated from github.com)

Thanks for the feedback. I'm no security expert, but I agree the ideal case
wouldn't require the story dev to include their password in their code or
binary, and definitely no player passwords would be required.

You raise an interesting point I'd forgotten to mention -- Hank's API
doesn't allow any input other than pre-written choices, but a Hank dev can
always get that input another way and pass it as a Haxe variable the story
can reference. So story devs would indeed be able to violate the player's
privacy in that way. Then again, they could always do this in an infinite
number of other ways regardless of what Hank allows.

On Tue, Feb 5, 2019, 10:46 PM ZAD-Man notifications@github.com wrote:

Personally I would feel fine (ethically) with including automatic
transcripts if the player was only making selections from options I'd
written, but would want to include a notification, and ability to disable,
if the user was entering text. I think it has a place in a tool like this.

I think security could be the deal-breaker here though. If that library
requires you to put your password in plain text, no method of passing
secrets or anything, I would say BURN IT WITH FIRE. :P There have to be
better options, and if not, the choosing the "none" option beats the
insecure option...

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/NQNStudios/hank/issues/35#issuecomment-460908251, or mute
the thread
https://github.com/notifications/unsubscribe-auth/ACdwqa-G1Nn99dvZheD-LQsjMea-fZ7Wks5vKmxPgaJpZM4aRaAO
.

Thanks for the feedback. I'm no security expert, but I agree the ideal case wouldn't require the story dev to include their password in their code or binary, and *definitely* no player passwords would be required. You raise an interesting point I'd forgotten to mention -- Hank's API doesn't allow any input other than pre-written choices, but a Hank dev can always get that input another way and pass it as a Haxe variable the story can reference. So story devs would indeed be able to violate the player's privacy in that way. Then again, they could always do this in an infinite number of other ways regardless of what Hank allows. On Tue, Feb 5, 2019, 10:46 PM ZAD-Man <notifications@github.com> wrote: > Personally I would feel fine (ethically) with including automatic > transcripts if the player was only making selections from options *I'd* > written, but would want to include a notification, and ability to disable, > if the user was entering text. I think it has a place in a tool like this. > > I think security could be the deal-breaker here though. If that library > requires you to put your password in plain text, no method of passing > secrets or anything, I would say *BURN IT WITH FIRE*. :P There have to be > better options, and if not, the choosing the "none" option beats the > insecure option... > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > <https://github.com/NQNStudios/hank/issues/35#issuecomment-460908251>, or mute > the thread > <https://github.com/notifications/unsubscribe-auth/ACdwqa-G1Nn99dvZheD-LQsjMea-fZ7Wks5vKmxPgaJpZM4aRaAO> > . >

ZAD-Man commented

2019-02-06 07:07:44 +00:00

(Migrated from github.com)

To the second paragraph, yes, that's exactly why I think the feature has a place here - tools shouldn't be withheld just because someone might misuse them (generally, at least).

To the second paragraph, yes, that's exactly why I think the feature has a place here - tools shouldn't be withheld just because someone _might_ misuse them (generally, at least).

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: NQN/hank#35