NATION

PASSWORD

[Q] Legality of password-cracking to raid a region

Who needs it, who got it, who hands it out and why.
User avatar
Sail Nation
Spokesperson
 
Posts: 130
Founded: Dec 25, 2019
New York Times Democracy

[Q] Legality of password-cracking to raid a region

Postby Sail Nation » Sun Feb 14, 2021 3:51 am

Woke up this morning to see my region's embassy with The Embassy was closing, due to a raid. For the record, we're putting aside the fiery debate on 'is raiding moral or not'.

Upon checking the regional activity, I saw that not once has the regional password been changed or removed (at least not recently). Therefore, the password must have been guessed, cracked or found out some other way.

So what are the rules on breaking regional password + it's relation with R/D gameplay? I suppose the rules are the same as with nations - no password cracking allowed. But is trying to search for clues and using social manipulation allowed, and if so, is that allowed for nation passwords (can someone steal a nation using those techniques)? Or is it a matter of intent - are people allowed to break into a region against the password-setters will and does that apply to nation passwords.

On the raid, I invite both the residents from The Embassy and the raiders who took a role in the process of obtaining the password to explain how the password was obtained. This is not about raiders v natives or the morals of raiding a password-protected region, but I believe that clearing up the rules on what is legal for both nations and regions is important, as it will hopefully prevent both raiders and defenders from accidentally crossing the line to raid or liberate a region (in the case of defenders this would be liberating a region password-protected by raiders), as well as ensuring that people can't abuse this to steal nations if the rules are the same.

I also repeat, this is moderation and this is about rules only. Other forums such as gameplay are there to debate the morals of raiding these regions (even though I do have strong feelings, I refrain from ranting here).

If the mods believe it would be a good idea, I'm happy to turn this into a discussion thread.
Former WA delegate, MP and Prime Minister in Lorania
MP in Thaecia (as Prussian Sail Nation)
Travelling nationstates (as Sail Nation Travellers), reviewing regions as I go

I'm a Christian and a Liberal. I won't enforce my beliefs on you, so please don't enforce yours on me.

Pro: Life, Freedom of Religion, The EU, LGTBQ+ Rights, Disability Rights, Liberalism, Proportional Representation, Consensus Politics
Anti: Trump, Electoral College, Arguments on the Internet, Political Extremes, Discrimination, Guns, Anti-Vaxxers

User avatar
Sedgistan
Senior Issues Moderator
 
Posts: 29574
Founded: Oct 20, 2006
Anarchy

Postby Sedgistan » Sun Feb 14, 2021 4:16 am

The relevant rule, underlining is mine:
[violet] wrote:Impersonation: Any attempt to maliciously impersonate another nation or region, including employing a similar name or attempting to hack nation or region passwords, is illegal according to the FAQ. Passing nations from one player to another is legal, but inadvisable as the receiver also inherits any warning history attached to the nation.

The rule is applied the same whether it's R/D related or not.

Trying to get a regional password via infiltration of the region is okay (i.e. deceiving someone into willingly giving you the password), and nor is it a new practice. That is the case regardless of whether the region's password-setter wishes it or not.

That is different for nations. No attempt to access another player's nation is allowed, unless it has the owner of that nation's express permission. Trying to trick another player out of their nation is prohibited.

Looking at the way the rules are organised and worded, I think this could potentially do with being clearer; password cracking is a separate matter to "impersonation".

Finally, I think it highly unlikely that the player(s) who obtained your region will explain how they got the password, and nor are they obliged to. Intel, subterfuge and infiltration are an aspect of the game, and it is unlikely that players wish to give away their methods or sources, as that could compromise their ability to do the same again in the future.

User avatar
Lord Dominator
Negotiator
 
Posts: 6551
Founded: Dec 22, 2016
Corporate Police State

Postby Lord Dominator » Mon Feb 15, 2021 1:08 am

Trust me, we raiders are quite aware of where the lines on passwords are, as are defenders. However, in this instance, the point has already publicly indicated how they got the password, prior to passing it on to all support:
Frenchy II wrote:Hello, I obtained the password to the Embassy through a months long process where I...

Founded Traveling Wilburys as Nelson Wilbury, then sent out over 24000 embassy requests with a friend.

Exchanged methods with Ambassadors Reception.

Started doing a song of the day to keep the persona alive.

Then got the password after offering to help maintain the Embassy.

Oh boy am I now doing maintenance work!

User avatar
Sail Nation
Spokesperson
 
Posts: 130
Founded: Dec 25, 2019
New York Times Democracy

Postby Sail Nation » Mon Feb 15, 2021 5:55 am

Lord Dominator wrote:Trust me, we raiders are quite aware of where the lines on passwords are, as are defenders. However, in this instance, the point has already publicly indicated how they got the password, prior to passing it on to all support:
Frenchy II wrote:Hello, I obtained the password to the Embassy through a months long process where I...

Founded Traveling Wilburys as Nelson Wilbury, then sent out over 24000 embassy requests with a friend.

Exchanged methods with Ambassadors Reception.

Started doing a song of the day to keep the persona alive.

Then got the password after offering to help maintain the Embassy.

Oh boy am I now doing maintenance work!

Thanks for that, and thanks to Frenchy for the clarification.

To be honest, I was really confused, as I'd read that The Ambassador's Reception was reluctant to give out the password to anyone, even trusted embassy collectors, but I see exactly what happened here, and while I don't like it, here is not the place for me to rant about it, because it's good to know that this was legal and not dangerous.

And Sedge, I do agree that rules might need a bit of re-writing, as attempting to hack a password is more than just impersonation - I personally think that there should be a section on passwords and what is and isn't legal for both nations and regions.
Former WA delegate, MP and Prime Minister in Lorania
MP in Thaecia (as Prussian Sail Nation)
Travelling nationstates (as Sail Nation Travellers), reviewing regions as I go

I'm a Christian and a Liberal. I won't enforce my beliefs on you, so please don't enforce yours on me.

Pro: Life, Freedom of Religion, The EU, LGTBQ+ Rights, Disability Rights, Liberalism, Proportional Representation, Consensus Politics
Anti: Trump, Electoral College, Arguments on the Internet, Political Extremes, Discrimination, Guns, Anti-Vaxxers

User avatar
Sedgistan
Senior Issues Moderator
 
Posts: 29574
Founded: Oct 20, 2006
Anarchy

Postby Sedgistan » Mon Feb 15, 2021 6:08 am

I opened a discussion in our staff forum earlier this morning about re-writing the relevant parts. Such discussions do tend to move slowly, but we get there in the end.

User avatar
Lord Dominator
Negotiator
 
Posts: 6551
Founded: Dec 22, 2016
Corporate Police State

Postby Lord Dominator » Mon Feb 15, 2021 10:01 am

I would agree however that there probably needs to be more specificity in the rules on password cracking - though the current rule with regions seems to be banning similar nation names in the hopes of confusing a password gover. That should probably stick around, if modern modly feelings on impersonation are the same.

User avatar
Anagonia
Minister
 
Posts: 2728
Founded: Dec 18, 2003
Inoffensive Centrist Democracy

Postby Anagonia » Mon Feb 15, 2021 4:37 pm

I apologize for the intrusion, however I have a question related to this event. Is any password protected region safe from raiders? What I mean is, if a region is dedicated to role playing and a raider gains the password through these rules you've permitted, and the region wants nothing to do with raiding or defending, is that region simply out of luck?

I appreciate any clarification on this event and rule so I may properly plan my future in relevant regions. I once again apologize for the intrusion but sincerely hope the question is relevant to the discussion and warrants an answer.

Thank you.

User avatar
Lord Dominator
Negotiator
 
Posts: 6551
Founded: Dec 22, 2016
Corporate Police State

Postby Lord Dominator » Mon Feb 15, 2021 5:16 pm

Provided that we (raiders) gain your password through the legal means of convincing someone to give it to is (or getting someone inside prior to the password implementation), then yes you're out of luck in that regard.

User avatar
Anagonia
Minister
 
Posts: 2728
Founded: Dec 18, 2003
Inoffensive Centrist Democracy

Postby Anagonia » Mon Feb 15, 2021 5:48 pm

Lord Dominator wrote:Provided that we (raiders) gain your password through the legal means of convincing someone to give it to is (or getting someone inside prior to the password implementation), then yes you're out of luck in that regard.


Does this include granting passwords to new members of password protected regions to permit them entry or is that excluded? For example, raider 1 plays as a prospective member and uses that to join a password region that has had a password for a while. So he's finally granted entry and given password, then raider 1 gives password to raider 2 and so forth. Is that legal?

User avatar
Lord Dominator
Negotiator
 
Posts: 6551
Founded: Dec 22, 2016
Corporate Police State

Postby Lord Dominator » Mon Feb 15, 2021 6:01 pm

Anagonia wrote:
Lord Dominator wrote:Provided that we (raiders) gain your password through the legal means of convincing someone to give it to is (or getting someone inside prior to the password implementation), then yes you're out of luck in that regard.


Does this include granting passwords to new members of password protected regions to permit them entry or is that excluded? For example, raider 1 plays as a prospective member and uses that to join a password region that has had a password for a while. So he's finally granted entry and given password, then raider 1 gives password to raider 2 and so forth. Is that legal?

Yes - once someone has legally obtained the password, they can tell whomever they wish

User avatar
Anagonia
Minister
 
Posts: 2728
Founded: Dec 18, 2003
Inoffensive Centrist Democracy

Postby Anagonia » Mon Feb 15, 2021 6:18 pm

Lord Dominator wrote:
Anagonia wrote:
Does this include granting passwords to new members of password protected regions to permit them entry or is that excluded? For example, raider 1 plays as a prospective member and uses that to join a password region that has had a password for a while. So he's finally granted entry and given password, then raider 1 gives password to raider 2 and so forth. Is that legal?

Yes - once someone has legally obtained the password, they can tell whomever they wish


Just to be clear.

Even if a region isn't willingly participating in the gameplay side of things, a raider can obtain a password through espionage, and because it's completely legal to obtain it after they were given the password in good faith for a different purpose, raiders are completely legal to raid the region and do what they want?

Thanks for your answers so far.

User avatar
Frisbeeteria
Senior Game Moderator
 
Posts: 25230
Founded: Dec 16, 2003
Anarchy

Postby Frisbeeteria » Mon Feb 15, 2021 7:31 pm

Anagonia wrote:Even if a region isn't willingly participating in the gameplay side of things, a raider can obtain a password through espionage,

There's nothing preventing a Founder from admitting someone new, then changing the hidden password. The founder can do this without influence cost, unlike other officers with the ability to set passwords.

User avatar
Flanderlion
Ambassador
 
Posts: 1738
Founded: Nov 25, 2013
Psychotic Dictatorship

Postby Flanderlion » Mon Feb 15, 2021 7:50 pm

Anagonia wrote:
Lord Dominator wrote:Yes - once someone has legally obtained the password, they can tell whomever they wish


Just to be clear.

Even if a region isn't willingly participating in the gameplay side of things, a raider can obtain a password through espionage, and because it's completely legal to obtain it after they were given the password in good faith for a different purpose, raiders are completely legal to raid the region and do what they want?

Thanks for your answers so far.

Yep. Essentially, keep an active founder and you should be fine.
As always, I'm representing myself.
Information

User avatar
The Universal Hegemony
Lobbyist
 
Posts: 11
Founded: Feb 15, 2021
Anarchy

Postby The Universal Hegemony » Thu Feb 18, 2021 6:22 am

https://forum.nationstates.net/viewtopic.php?f=15&t=304114
The title rang a bell. From Ballotonia:

No, this is *NOT* legal.

In fact, it's stunning that you (or anyone) would think that bruteforce cracking a password would ever be considered legal."
✪✪✪ The Universal Hegemony of the Atlantic ✪✪✪
History is Ending, She Endures
A federal union of nation-states across the globe committed to liberal democracy, free enterprise, and human rights, in the year 1976 AD

✪✪✪
Supranational Federal Union of liberal democracies in a dystopian world where liberalism lost WW2. Inspired by OFN/USA from the HOI4 mod The New Order.
✪✪✪
Factbook
✪✪✪
OOC Explanation of the UHA
✪✪✪
OOC Overview of the individual behind UHA

User avatar
Lord Dominator
Negotiator
 
Posts: 6551
Founded: Dec 22, 2016
Corporate Police State

Postby Lord Dominator » Thu Feb 18, 2021 9:48 am

The Universal Hegemony wrote:https://forum.nationstates.net/viewtopic.php?f=15&t=304114
The title rang a bell. From Ballotonia:

No, this is *NOT* legal.

In fact, it's stunning that you (or anyone) would think that bruteforce cracking a password would ever be considered legal."

That describes random guessing of a password until you find it, which is indeed illegal (and not what happened here).

User avatar
Sedgistan
Senior Issues Moderator
 
Posts: 29574
Founded: Oct 20, 2006
Anarchy

Postby Sedgistan » Fri Feb 19, 2021 6:50 am

Okay, a rule re-wording has been made as a result of this discussion:

Current bits of relevant rules:
[violet] wrote:Impersonation: Any attempt to maliciously impersonate another nation or region, including employing a similar name or attempting to hack nation or region passwords, is illegal according to the FAQ. Passing nations from one player to another is legal, but inadvisable as the receiver also inherits any warning history attached to the nation.

[violet] wrote:Nation Hijacking: Stealing someone else's nation by gaining their password is a very serious offense and likely to result in a permanent ban from the site. Note the section on shared accounts for when an account is shared.


New bits of relevant rules:
[violet] wrote:Impersonation: Any attempt to maliciously impersonate another nation or region, including employing a similar name is illegal according to the FAQ. Note that the impersonation must be "malicious" to be a prohibited action, and we generally require the report to come from the impersonated party.

[violet] wrote:Nation Hijacking: Stealing someone else's nation by gaining their password is a very serious offense and likely to result in a permanent ban from the site. Note the section on shared accounts for when an account is shared.

Regional passwords: Attempting to hack, crack or guess a region's password is prohibited. Note that using deception to gain a region's password through someone giving it to you willingly is not prohibited, so long as other rules (e.g. on Malicious Impersonation) are not violated in the process.


"Impersonation" has been made more focused - the bits on nation/region passwords removed, as well as the nation sharing part - all are covered elsewhere, and not really relevant to Impersonation.

"Nation Hijacking" is unchanged, I just posted it for reference.

"Regional passwords" is a new section.

User avatar
Anagonia
Minister
 
Posts: 2728
Founded: Dec 18, 2003
Inoffensive Centrist Democracy

Postby Anagonia » Fri Feb 19, 2021 7:53 am

I believe this question follows this discussion.

May I inquire the legality of an individual guessing the password correctly or being given the password by a disgruntled participant of a region with a founder having an non-executive delegacy being able to be banned from their own region, using the games own mechanics to "opt-out" of raiding against them? My further investigation into this extremely diverse issue keeps bringing up circumstances which entirely benefit the raiding/defending community and bring completely unfair consequences for those not involved. In this situation that I bring up, a raider, for example, can easily manipulate the situation to gain entry legally according to your site rules and - if they had enough top-level cooperation - ban the founder from the region.

Are there any staff interpretations of this issue or perspectives that limit the threat of this tactic? I appreciate any input and hope I've added to the discussion.

User avatar
Sedgistan
Senior Issues Moderator
 
Posts: 29574
Founded: Oct 20, 2006
Anarchy

Postby Sedgistan » Fri Feb 19, 2021 7:57 am

You've given two situations in there, both of which are answered in the wording of the rule - guessing a password is illegal; being given it willingly is not.

A founder with a non-executive delegate position in their region cannot be banned unless they appoint a regional officer with border control powers.

User avatar
Comfed
Diplomat
 
Posts: 894
Founded: Apr 09, 2020
Psychotic Dictatorship

Postby Comfed » Fri Feb 19, 2021 7:57 am

As far as I know guessing the password, even if you guess correctly, is against the rules. Someone giving you the password and you entering the region is fine, which is why you have to be very careful with who you tell the password.
Mall:
Best part about being a mod was engaging in normal player behavior and getting accused of abuse
"You think this is abuse? I'll SHOW you abuse."
Ever-Wandering Souls wrote:In the liberal justice system, raiding-based offenses are considered especially heinous. In The South Pacific, the dedicated defenders who investigate these vicious felonies are members of an elite squad known as the Council on Regional Security. These are their proscriptions. DUN DUN.

Numero Capitan wrote:I haven't bothered reading back but I can unequivocally say that I agree with everything HEM has said and Unibot is wrong

Put this in your sig if you passed biology and know that gender and sex are not the same thing.

User avatar
Anagonia
Minister
 
Posts: 2728
Founded: Dec 18, 2003
Inoffensive Centrist Democracy

Postby Anagonia » Fri Feb 19, 2021 8:05 am

Thank you sincerely for your replies. Please understand I am not attempting to address this issue unprofessionally and apologize if I approach it as such. Thank you for understanding. I will reply in best order.

Comfed wrote:As far as I know guessing the password, even if you guess correctly, is against the rules. Someone giving you the password and you entering the region is fine, which is why you have to be very careful with who you tell the password.


I appreciate the reply. For more clarification, in my scenario, a raider will be given the password and find mutual cooperation with top-level authority in the region. In Sedgistans reply he implicitly states the position that enables this to happen. My question was directly referencing the fairness of this and the defenses granted in such a situation or if in fact in this situation presented, the region is out of luck.

Sedgistan wrote:You've given two situations in there, both of which are answered in the wording of the rule - guessing a password is illegal; being given it willingly is not.

A founder with a non-executive delegate position in their region cannot be banned unless they appoint a regional officer with border control powers.


I sincerely apologize for the confusion Sedgistan!

As remarked in my reply to Comfed above, my issue is addressing the loopholes in the system that benefit a raider who plays the "long-game", as an example. We've already seen one such example of this - though admittedly not in this capacity - play out in recent history. The issue I am addressing here is a security issue wherein the founder can be ejected when they are attempting to prevent raiding/defending participating for their region. Since there is no explicit rule defending players who do not want to partake in this part of the game, the raiders themselves can easily begin their work and infiltrate legally the region. They can then work themselves up into the position you so accurately mentioned. At that point nothing stops them, even if they are found out, according to my understanding of your rules.

If I am incorrect in this situation please, I ask your correction. At this juncture I have not seen where it states a defense for regions suffering from a situation such as this. I greatly appreciate your reply and again apologize for the confusion.

User avatar
Sedgistan
Senior Issues Moderator
 
Posts: 29574
Founded: Oct 20, 2006
Anarchy

Postby Sedgistan » Fri Feb 19, 2021 8:17 am

If a founder does the following:

1) doesn't cease to exist
2) remains in their region
3) ensures the Delegate position is non-executive
4) does not appoint any Regional Officers with Border Control powers

There is nothing at all that can be done to remove them from that region.

This is straying from the rules issue clarification that's been discussed in this thread.

User avatar
Anagonia
Minister
 
Posts: 2728
Founded: Dec 18, 2003
Inoffensive Centrist Democracy

Postby Anagonia » Fri Feb 19, 2021 8:30 am

Sedgistan wrote:If a founder does the following:

1) doesn't cease to exist
2) remains in their region
3) ensures the Delegate position is non-executive
4) does not appoint any Regional Officers with Border Control powers

There is nothing at all that can be done to remove them from that region.

This is straying from the rules issue clarification that's been discussed in this thread.


I appreciate your clarification. I'll address what I believe to be a flaw in the rules in a later discussion. Thank you sincerely for your explanation.

User avatar
Lord Dominator
Negotiator
 
Posts: 6551
Founded: Dec 22, 2016
Corporate Police State

Postby Lord Dominator » Fri Feb 19, 2021 10:43 am

Additionally, even if the founder does gives others BC, they retain an unlimited ability to change the password and ban any raiders at no influence cost regardless of where they are - the only thing an executive founder can't do if they're not in the region is remove executive authority from the delegate position.


Advertisement

Remove ads

Return to Moderation

Who is online

Users browsing this forum: Celestial Wave, Rathalas, Sirian, The English Socialist Union of Oceania, Toerana

Advertisement

Remove ads