OK, here’s an idea I’ve really been too snowed under with real projects to play around with. If you want to implement it go ahead; you’ve got a few weeks till I clear my plate and have at it.
In EVE, there’s always been a fairly open market for secrets. Be it market info, inside information on fleets, teamspeak login details, you name it. There’s no real formality to any of this, though; it’s very cloak-and-dagger, and that brings it’s own dangers; misinformation, for example.
My idea was this: Why not have a trading system for secrets? It would allow complete anonymity between spy and spymaster, it would permit a level of security for spies and spymasters not seen before in EVE (Protection against paying for misinformation, for one thing), and it would make being a spy much easier.
In order to protect everyone: Spymasters would have to provide payment in advance to the service (they put up a request for the information they’re looking for). Spies can give a snippet of the intel to show they’re not making it up, and can then be paid by the spymaster. The spy can’t withdraw the ISK for a week after being paid, during which time the spymaster can revoke the payment if the intel proves to be useless.
This would work, because spymasters want to reward good spies, are at no risk from spies providing crap info, and the identity of the spy/spymaster is concealed, reducing the chance of the spy being revealed by their spymaster or by the app being compromised. The only person who would have to know the identifies of the spies/spymasters would be whoever ran the app; a problem for some, perhaps, but if it were run by someone entirely unquestionably reliable and reputable (or simply someone with nothing to gain) it’d be fine.
Many may argue that spies already have it too easy. I’d agree. This still seems like a pretty nifty app idea, though, so I’m throwing it out there for some critique and discussion, and maybe even as an app for developers looking for something to do in the world of EVE.
Same for mercenary contracts, it would be like C&P 2.0. I leave it to you to do, my coding is rusty.
Excellent Idea.
Good Idea, but can you trust the Market Operator? He will be the one who gets all Information and can sell or change it for his own benefit.
Therein lies the problem. The only way I can see this could work is if the service uses public/private key cryptography/signing to protect the data.
For example: Spymaster Alice wants info on Alliance A’s fleet composition/fittings. Spy Bob knows this info and agrees to give it to Alice.
Alice has, during signup, registered her public key with the service, and Bob uses the key to encrypt the message, after signing it with his key, which he also registered with the service.
If we assume that the operator, Eve, is trying to eavesdrop, Eve now needs both Bob and Alice’s private keys in order to alter the data, or just Alice’s key to read it. Eve’s control over the data assuming keys are not compromised is limited to sending or not sending the data between parties.
Of course, the problem then lies in making public/private key cryptography simple enough for the average EVE player, in a way that is still secure.
I think the only way to do this would be to provide an open source client to the website that ran on a user’s computer and managed the public/private key aspects (generation, signing, encryption). In fact, all the website needs to do is keep a register of users, their public keys, requests for information and responses given to that information. A small helper app that ran locally, responded to special links on the site (say I click ‘Respond’ on Alice’s offer; the website opens up the app and asks me to enter my response before signing and encrypting the response and POSTing it to the server), as long as the helper app is open source, would guarantee security between parties and ensure there is no eavesdropping by Eve.